Hello,
I've configured a transparent proxy as TProxy4 (http://wiki.squid-cache.org/Features/Tproxy4).
But I don't see anything in the Squid access log.
* OS = Linux Fedora 20.
* Cache log says at start-up :
....
2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
2014/02/19 12:23:53 kid1| Initialising all WCCPv2 lists
2014/02/19 12:23:53 kid1| HTCP Disabled.
2014/02/19 12:23:53 kid1| Squid plugin modules loaded: 0
2014/02/19 12:23:53 kid1| Adaptation support is off.
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:8080 remote=[::] FD 12 flags=9
2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 13 flags=9
2014/02/19 12:23:53 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 14 flags=25
...
********************************
* The router is connected to the wccp port :
udp 0 0 194.214.158.189:2048 194.214.158.165:2048 ESTABLISHED
********************************
* iptables seems OK
# iptables -t mangle -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DIVERT
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT
#
********************************
* kernel routing seems OK :
# ip -s -f inet rule
0: from all lookup local
32764: from all fwmark 0x1 lookup 100
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default
# ip -s -f inet route
default via 194.214.158.165 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
194.214.158.0/24 dev eth0 proto kernel scope link src 194.214.158.189
#
********************************
* squid.conf :
wccp2_router 194.214.158.165
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service standard 0
I shall change wccp2_service to dynamic afterwards, but for start-up it should work, I guess.
********************************
* On the router (switch/router) we have this :
ip wccp web-cache redirect-list 120
interface Vlan16
description Vlan Users
ip address a.b.c.d v.w.x.y
no ip redirects
ip wccp web-cache redirect in
access-list 120 remark le proxy SQUID bypasse la redirection
access-list 120 deny ip host 194.214.158.207 any
access-list 120 permit tcp 192.168.16.0 0.0.0.255 any eq www
access-list 120 deny ip any any
*********************************
What more should I look at? Is there something wrong? Any hints?
Thanks for your help.
--Received on Wed Feb 19 2014 - 12:31:59 MST
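
Added example, not part of the original message: a small cross-check that the TPROXY listener Squid reports in cache.log, the `--on-port`/`--tproxy-mark` values in the mangle table and the fwmark policy rule all refer to the same port, mark and routing table. The function names are hypothetical helpers, and the sample input is constructed from the output quoted in the post.

```shell
#!/bin/sh
# Constructed input: lines copied from the cache.log, iptables and ip rule output in the post.
CACHE_LOG='2014/02/19 12:23:53 kid1| Accepting HTTP Socket connections at local=0.0.0.0:3128 remote=[::] FD 13 flags=9
2014/02/19 12:23:53 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=0.0.0.0:3129 remote=[::] FD 14 flags=25'
MANGLE='-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
IP_RULES='0: from all lookup local
32764: from all fwmark 0x1 lookup 100
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'

# Ports on which Squid reports a TPROXY listener (from cache.log text in $1).
squid_tproxy_ports() {
    printf '%s\n' "$1" |
        sed -n 's/.*Accepting TPROXY spoofing .* at local=[^ ]*:\([0-9][0-9]*\).*/\1/p'
}

# Port the TPROXY target delivers to (from "iptables -t mangle -S" text in $1).
iptables_tproxy_port() {
    printf '%s\n' "$1" | sed -n 's/.*-j TPROXY .*--on-port \([0-9][0-9]*\).*/\1/p'
}

# Mark value the TPROXY target sets (the part before the "/mask").
iptables_tproxy_mark() {
    printf '%s\n' "$1" | sed -n 's/.*-j TPROXY .*--tproxy-mark \(0x[0-9a-fA-F]*\).*/\1/p'
}

# Routing tables that "ip rule" (text in $1) selects for fwmark $2, de-duplicated.
fwmark_tables() {
    printf '%s\n' "$1" |
        awk -v m="$2" '{ for (i = 1; i < NF; i++)
            if ($i == "fwmark" && ($(i+1) "") == (m "")) print $NF }' | sort -u
}

# Returns 0 when the listener port, the TPROXY rule and a fwmark policy rule agree.
tproxy_consistent() {
    sp=$(squid_tproxy_ports "$1"); ip=$(iptables_tproxy_port "$2")
    mark=$(iptables_tproxy_mark "$2"); tables=$(fwmark_tables "$3" "$mark")
    [ -n "$sp" ] && [ "$sp" = "$ip" ] && [ -n "$tables" ]
}

tproxy_consistent "$CACHE_LOG" "$MANGLE" "$IP_RULES" &&
    echo "port $sp, mark $mark -> table(s) $tables: consistent"
```

The check covers only what the post shows; it does not inspect the contents of table 100 or the WCCP GRE path, neither of which appears in the message.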