Transparent proxy (Tproxy4)

Hello,

I've configured a transparent proxy as TProxy4 (http://wiki.squid-cache.org/Features/Tproxy4).

But I don't see anything in the Squid access log.

* OS = Linux Fedora 20.

* Cache log says at start-up:

....
2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
2014/02/19 12:23:53 kid1| Initialising all WCCPv2 lists
2014/02/19 12:23:53 kid1| HTCP Disabled.
2014/02/19 12:23:53 kid1| Squid plugin modules loaded: 0
2014/02/19 12:23:53 kid1| Adaptation support is off.
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:8080 remote=[::] FD 12 flags=9
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 13 flags=9
2014/02/19 12:23:53 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 14 flags=25
...

********************************

* The router is connected to the wccp port:

udp        0      0 194.214.158.189:2048    194.214.158.165:2048         ESTABLISHED

********************************

* iptables seems OK

# iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
#

********************************
* kernel routing seems OK :

# ip -s -f inet rule
0:	from all lookup local
32764:	from all fwmark 0x1 lookup 100
32765:	from all fwmark 0x1 lookup 100
32766:	from all lookup main
32767:	from all lookup default

# ip -s -f inet route
default via 194.214.158.165 dev eth0
169.254.0.0/16 dev eth0  scope link  metric 1002
194.214.158.0/24 dev eth0  proto kernel  scope link  src 194.214.158.189
#

********************************
* squid.conf :

wccp2_router                    194.214.158.165
wccp2_forwarding_method          gre
wccp2_return_method              gre
wccp2_assignment_method          hash
wccp2_service standard           0

  I shall change wccp2_service to dynamic afterwards, but for start-up, it
  should work, I guess.

********************************
* On the router (switch/router) we have this :

ip wccp web-cache redirect-list 120

interface Vlan16
 description Vlan Users
 ip address a.b.c.d v.w.x.y
 no ip redirects
 ip wccp web-cache redirect in


access-list 120 remark the SQUID proxy bypasses the redirection
access-list 120 deny   ip host 194.214.158.207 any
access-list 120 permit tcp 192.168.16.0 0.0.0.255 any eq www
access-list 120 deny   ip any any

*********************************



What more shall I look at? Is there something wrong? Any hints?

Thanks for your help.

--
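
An added example, not part of the original message: a shell sketch that checks saved output of the commands quoted above (cache.log, `iptables -t mangle -S`, `ip rule`) and two outputs the message does not show (`ip route show table 100`, sysctl values). The function names are hypothetical, and the expectations for the table 100 local route, `ip_forward` and non-strict `rp_filter` are assumptions drawn from the usual TPROXY setup, not from the message.

```sh
#!/bin/sh
# Added example, not from the original message. Each function reads saved
# command output on stdin, so the checks run offline against pasted text.

# cache.log -> port of the "TPROXY spoofing" listener
tproxy_port() {
    sed -n 's/.*Accepting TPROXY spoofing .* local=[^ ]*:\([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# `iptables -t mangle -S` -> ok when the socket-match DIVERT rule precedes a
# TPROXY rule for port $1 and the DIVERT chain marks, then accepts
check_mangle() {
    awk -v port="$1" '
        /^-A PREROUTING/ && /-m socket/ && /-j DIVERT/ && !divert { divert = NR }
        /^-A PREROUTING/ && /-j TPROXY/ && $0 ~ ("--on-port " port "( |$)") { tproxy = NR }
        /^-A DIVERT/ && /-j MARK/ { mark = 1 }
        /^-A DIVERT/ && /-j ACCEPT/ { accept = 1 }
        END { exit !(divert && tproxy && divert < tproxy && mark && accept) }'
}

# `ip rule` -> routing table selected for fwmark $1 (empty when no rule)
rule_table() {
    awk -v m="$1" '$0 ~ ("fwmark " m "(/| |$)") {
        for (i = 1; i < NF; i++) if ($i == "lookup") { print $(i + 1); exit } }'
}

# `ip route show table N` -> ok when all traffic is delivered locally via lo
check_local_route() {
    grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'
}

# sysctl output -> ok when forwarding is on and no rp_filter is strict (1);
# treating loose mode (2) as acceptable is an assumption of this example
check_sysctl() {
    awk -F' *= *' '
        $1 == "net.ipv4.ip_forward" && $2 == 1 { fwd = 1 }
        $1 ~ /^net\.ipv4\.conf\..*\.rp_filter$/ && $2 == 1 { strict = 1 }
        END { exit !(fwd && !strict) }'
}

# Demo on constructed sample text shaped like the output quoted above
demo() {
    t=$(printf '%s\n' '32765:  from all fwmark 0x1 lookup 100' | rule_table 0x1)
    printf 'local default dev lo scope host\n' | check_local_route &&
        echo "fwmark 0x1 -> table $t, local route present"
}
demo
```

On a live host, pipe each command's output into the matching function, for example `ip route show table "$(ip rule | rule_table 0x1)" | check_local_route`.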



