[squid-users] Squid can't cache web traffic via TPROXY

From: chowalit.lab Chowalit Lab Linux <[email protected]>
Date: Tue, 19 Sep 2006 13:37:35 +0700

Dear all,
       I just implemented a Linux box consisting of linux 2.6.17 + tproxy + squid 2.6 + wccp v1 + iptables 1.3. I followed the tproxy solution step by step like this:
       1. recompile kernel with tproxy patch ==> It's OK; I ran lsmod and I see

iptable_tproxy 23316 1
iptable_nat 13188 1 iptable_tproxy
ip_nat 29100 2 iptable_tproxy,iptable_nat
ip_conntrack 61280 3 iptable_tproxy,iptable_nat,ip_nat
ip_tables 18372 3 iptable_filter,iptable_tproxy,iptable_nat
ipt_TPROXY 6400 1
ipt_tproxy 6144 0
x_tables 19972 5 iptable_nat,ip_tables,xt_tcpudp,ipt_TPROXY,ipt_tproxy

       2. create gre interface
               # ifconfig gre0 127.0.0.2 up
       ==> It gives a good result.

       3. uninstall iptables 1.3 rpm then recompile iptables with the tproxy patch

    I use this iptables rule:
# iptables -A PREROUTING -i all -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128

==> I think it is fine; see the output of lsmod above and this result of the iptables command:

# iptables -t tproxy -L -v
Chain PREROUTING (policy ACCEPT 265 packets, 41235 bytes)
 pkts bytes target prot opt in out source destination
    0 0 TPROXY tcp -- all any anywhere anywhere tcp dpt:http TPROXY redirect 0.0.0.0:3128

Chain OUTPUT (policy ACCEPT 10 packets, 771 bytes)
 pkts bytes target prot opt in out source destination

       4. I recompiled the source rpm with the new version, squid-2.6.STABLE3-2.src.rpm --> with tproxy enabled in the configuration.
          My squid.conf looks like this:

http_port 3128 transparent tproxy vhost vport=80

always_direct allow all

http_access allow all

wccp_router x.x.x.x
wccp_version 4
wccp2_rebuild_wait off
wccp2_forwarding_method 1
wccp2_return_method 1
wccp_address 0.0.0.0

       I start squid without error.

       5. tuning the kernel options: disable rp_filter, enable ip_forwarding
       # sysctl -a | grep rp_filter
net.ipv4.conf.gre0.arp_filter = 0
net.ipv4.conf.gre0.rp_filter = 0
net.ipv4.conf.eth1.arp_filter = 0
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0

       # sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1

       6. I enable wccp on the router
       7. debug traffic with tcpdump
          - I can find port 80 traffic between client and web server
          - TPROXY can capture everything
          But I can't see any access log in /var/log/squid/access.log
       Please help me!!!

Thanks
Received on Tue Sep 19 2006 - 00:37:40 MDT
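As an added troubleshooting helper, not from the original post or from the Squid project: a small shell script that reads the two listings pasted above (`iptables -t tproxy -L -v` and `sysctl -a`) and flags the conditions that leave access.log empty, in particular a TPROXY rule whose packet counter stays at 0. The standard `iptables -L -v` column order (pkts bytes target ...) and the function names are assumptions.

```shell
# Added diagnostic helper, not part of the original post. It reads the two
# command outputs the poster pasted (iptables -t tproxy -L -v and sysctl -a)
# and flags what leaves access.log empty: a TPROXY rule whose packet counter
# never moves, rp_filter still enabled, or ip_forward switched off.

# tproxy_hits: sum the pkts column of every TPROXY rule line read from stdin.
# Assumes the standard `iptables -L -v` column order (pkts bytes target ...).
tproxy_hits() {
    awk '$3 == "TPROXY" { n += $1 } END { print n + 0 }'
}

# tproxy_check: return 0 when at least one packet has hit a TPROXY rule.
# A counter that stays at 0 means the redirected traffic is not entering
# the tproxy PREROUTING chain at all, so squid never sees a request.
tproxy_check() {
    hits=$(tproxy_hits)
    if [ "$hits" -gt 0 ]; then
        echo "TPROXY rule matched $hits packets"
        return 0
    fi
    echo "TPROXY rule matched 0 packets: redirected traffic never reaches the tproxy table"
    return 1
}

# sysctl_check: read `key = value` lines from stdin; return 1 if any
# interface has rp_filter enabled or if ip_forward is off. The arp_filter
# lines in the poster's output are deliberately ignored (suffix match).
sysctl_check() {
    awk '$1 ~ /\.rp_filter$/ && $3 != 0 { print "rp_filter still enabled: " $1; bad = 1 }
         $1 == "net.ipv4.ip_forward" && $3 != 1 { print "ip_forward is off"; bad = 1 }
         END { exit bad }'
}

# Constructed sample reproducing the listing in the post: counters are zero.
SAMPLE_IPTABLES='Chain PREROUTING (policy ACCEPT 265 packets, 41235 bytes)
 pkts bytes target prot opt in out source destination
    0     0 TPROXY tcp -- all any anywhere anywhere tcp dpt:http TPROXY redirect 0.0.0.0:3128'

# On a live box:  iptables -t tproxy -L -v -n | tproxy_check; sysctl -a | sysctl_check
```

With the poster's own listing the counter is 0, so the script reports that the WCCP/GRE-redirected packets are not reaching the tproxy table, which points at the redirect path (WCCP registration, GRE decapsulation, routing) rather than at squid itself.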
