I have been unable to get TPROXY working correctly with Squid. I have
used the steps in http://wiki.squid-cache.org/Features/Tproxy4 and
rechecked everything.
Versions:
Kernel 2.6.28-11-server (ubuntu)
Squid Cache: Version 3.1.1
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=/include' '--mandir=/share/man' '--infodir=/share/info'
'--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr'
'--enable-inline' '--enable-async-io=8' '--enable-storeio=ufs,aufs'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores'
'--enable-follow-x-forwarded-for' '--enable-auth=basic'
'--enable-external-acl-helpers=ip_user' '--with-filedescriptors=65536'
'--with-default-user=proxy' '--enable-epoll'
'--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu'
--with-squid=/home/mike/squid-3.1.1 --enable-ltdl-convenience
iptables v1.4.3
I can see HTTP traffic incrementing through my DIVERT and PREROUTING tables:

Chain PREROUTING (policy ACCEPT 166K packets, 41M bytes)
 pkts bytes target     prot opt in     out     source               destination
 2963  202K DIVERT     tcp  --  any    any     anywhere             anywhere            socket
 1684 85244 TPROXY     tcp  --  any    any     anywhere             anywhere            tcp dpt:www TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1

Chain INPUT (policy ACCEPT 22640 packets, 1278K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 23918 packets, 3770K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 23918 packets, 3770K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DIVERT (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2963  202K MARK       all  --  any    any     anywhere             anywhere            MARK xset 0x1/0xffffffff
 2963  202K ACCEPT     all  --  any    any     anywhere             anywhere
When I use -v -v, all the counters for errors are at 0.
Squidclient shows:
Connection information for squid:
Number of clients accessing cache: 2
Number of HTTP requests received: 7 (from squidclient access)
And my store isn't growing at all.
It seems squid is not getting the traffic from my iptables... any ideas??
Received on Wed Mar 31 2010 - 16:48:00 MDT