Does it appear that my iptables rules are in the correct order? I see packets matching them. Possibly my problem is with the ip rule or ip route? I am using the standard ones from the wiki.
root@indianwells:~# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DIVERT     tcp  --  anywhere             anywhere            socket
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY redirect 128.226.100.61:3129 mark 0x1/0x1

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain DIVERT (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere            MARK xset 0x1/0xffffffff
ACCEPT     all  --  anywhere             anywhere

Thanks,
--Joe
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik_at_henriknordstrom.net]
Sent: Monday, November 02, 2009 8:52 PM
To: Roth, Joe
Cc: Amos Jeffries; squid-users_at_squid-cache.org
Subject: RE: [squid-users] Squid + WCCP + TProxy
Mon 2009-11-02 at 09:23 -0500, Roth, Joe wrote:
> I compiled 3.1.0.14 with the --enable-linux-netfilter option and
> installed.
> Is there any way for me to check that squid is properly enabling the
> kernel option?
The needed kernel option is enabled by iptables, not Squid.
The compile + http_port options just tell Squid to query the kernel a
little extra to get the actual address info. The actual intercept will
work even without any of that, just that the result may not be entirely
as expected.
Regards
Henrik
Received on Tue Nov 03 2009 - 21:16:20 MST
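
The question above asks whether the fault lies in the mangle rules, the ip rule, or the ip route. As an added example (not part of the original thread, and not Squid project code), the script below checks all three pieces from command output. The function names are hypothetical, the sample output is constructed, and table 100 is an assumed value; mark 0x1 follows the listing in the post.

```shell
#!/bin/sh
# Added example. Each check reads command output on stdin; exit 0 = piece present.

# `ip rule show`: a rule must send fwmark 0x1 to its own table; prints that table.
tproxy_rule_table() {
    awk '{ hit = 0; tbl = ""
           for (i = 1; i < NF; i++) {
               if ($i == "fwmark" && $(i+1) ~ /^0x1(\/|$)/) hit = 1
               if ($i == "lookup") tbl = $(i+1)
           }
           if (hit && tbl != "") { print tbl; ok = 1; exit } }
         END { exit !ok }'
}

# `ip route show table N`: the table must deliver every destination locally via lo.
tproxy_local_route() {
    grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'
}

# `iptables -t mangle -S`: socket-match DIVERT before TPROXY, and DIVERT sets a mark.
tproxy_mangle_order() {
    awk '/^-A PREROUTING .*-m socket .*-j DIVERT/ { if (!s) s = NR }
         /^-A PREROUTING .*-j TPROXY/              { if (!t) t = NR }
         /^-A DIVERT .*-j MARK/                    { k = 1 }
         END { exit !(s && t && s < t && k) }'
}

check_tproxy() {   # $1 = ip rule output, $2 = table routes, $3 = mangle rules
    table=$(printf '%s\n' "$1" | tproxy_rule_table) ||
        { echo "no ip rule for fwmark 0x1"; return 1; }
    printf '%s\n' "$2" | tproxy_local_route ||
        { echo "table $table has no local default route via lo"; return 1; }
    printf '%s\n' "$3" | tproxy_mangle_order ||
        { echo "mangle rules missing or misordered"; return 1; }
    echo "ok table=$table"
}

# Constructed sample output (not captured from the poster's machine).
RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
ROUTES='local default dev lo scope host'
MANGLE='-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
check_tproxy "$RULES" "$ROUTES" "$MANGLE"
```

On a live box, pass `"$(ip rule show)"`, `"$(ip route show table 100)"` and `"$(iptables -t mangle -S)"` instead of the sample variables, substituting whatever table number the ip rule reports.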