On 25/05/2012 15:35, Thomas York wrote:
> I have a lab environment set up using two Debian Wheezy servers (Squeeze
> doesn't have a new enough kernel or iptables to do TPROXY properly). One of
> the servers is a router and the other is a proxy server. There are several
> clients connected to the router to simulate a production routing
> environment. If I have both the TPROXY redirection and Squid on the same
> server, Squid handles the requests and everything works perfectly. However,
> this isn't how I want the proxy to be configured in our production
> environment. I've changed my iptables rules on the router to redirect all
> tagged 1 packets to the proxy server. This is working perfectly fine and I
> can see the data being routed to the proxy server using tcpdump on both the
> router and the proxy. However, Squid on the proxy server doesn't seem to
> 'see' the data being routed and doesn't do anything with it. I have
> "http_port 3129 tproxy" set on the proxy server. Is there anything special I
> need to do using iptables on the proxy server?
>
> Both servers are running kernel 3.2.0-2-amd64 and iptables 1.4.13 from
> Wheezy and the Squid being used on the proxy is 3.1.19. If any more
> information is needed, please just let me know and I'd be happy to supply
> it. Thanks.
>
> --Thomas York

Are you Source-NAT'ing the redirect from the Router?
This archive was generated by hypermail 2.2.0 : Fri May 25 2012 - 12:00:04 MDT