Re: [squid-users] Tproxy immediately closing connection

2014-07-29 Thread jan
I installed libcap-dev package, recompiled squid and TPROXY is now working fine for both IPv4 and IPv6. Thanks Amos! On 2014-07-26 11:35, Amos Jeffries wrote: On 25/07/2014 10:02 a.m., Jan Krupa wrote: Hi all, I've been struggling to configure transparent proxy for IPv6 on my Raspberry Pi ac

Re: [squid-users] Tproxy immediately closing connection

2014-07-26 Thread Amos Jeffries
On 25/07/2014 10:02 a.m., Jan Krupa wrote: > Hi all, > > I've been struggling to configure transparent proxy for IPv6 on my > Raspberry Pi acting as a router following the guide: > http://wiki.squid-cache.org/Features/Tproxy4 > > Despite all my efforts, all I got was squid immediately closi

[squid-users] Tproxy immediately closing connection

2014-07-24 Thread Jan Krupa
Hi all, I've been struggling to configure transparent proxy for IPv6 on my Raspberry Pi acting as a router following the guide: http://wiki.squid-cache.org/Features/Tproxy4 Despite all my efforts, all I got was squid immediately closing connection after it was established (not rejecting

Re: [squid-users] TPROXY Squid Error.

2014-07-09 Thread Eliezer Croitoru
Well about the rules of mikrotik you already know that NAT is not the direction. In any case about the basic_data.sh script. I had a type but.. What terminal are you using?? In most color terminals you won't see the special markings. Thanks, Eliezer On 07/10/2014 03:28 AM, Info OoDoO wrote: Hi

Re: [squid-users] TPROXY Squid Error.

2014-07-09 Thread Nyamul Hassan
There you go. NAT rules will not work on TProxy. You need to play with Mangle rules. The ones I am using are: /ip fir man add action=mark-routing chain=prerouting disabled=no dst-port=80 new-routing-mark=_to_squid_ passthrough=yes protocol=tcp src-address-list=_to_squid_ src-mac-address=! add a

Re: [squid-users] TPROXY Squid Error.

2014-07-09 Thread Info OoDoO
I use two ports in Mikrotik Router. One for WAN and other for LAN, I have No rules setup in Router except the natting Src and Dst for private to public IP and vice versa. There are two NICs in squid box, but I am using only one. The Lan From router is Connected to switch and the squid nic is also

Re: [squid-users] TPROXY Squid Error.

2014-07-09 Thread Nyamul Hassan
What are the rules in Mikrotik that you are using? What is the network diagram? How many interfaces on Mikrotik are you using for this purpose? How many NICs are there on the Squid box? Can you give an idea of your network diagram? Also, a few days ago, I also posted the rules that I am using

Re: [squid-users] TPROXY Squid Error.

2014-07-09 Thread Info OoDoO
Hi, I'm using Mikrotik 1100 AH X2 Router, here is my Basic Data from your latest script. http://pastebin.com/GHkD5yYx Thanks, Ganesh J On Wed, Jul 9, 2014 at 1:08 AM, Eliezer Croitoru wrote: > What router are you using?? > > Eliezer > > P.S. I will be at the squid irc channel for about couple

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Eliezer Croitoru
What router are you using?? Eliezer P.S. I will be at the squid irc channel for about couple hours http://webchat.freenode.net/?channels=squid On 07/08/2014 10:19 PM, Info OoDoO wrote: Configured Squid 3.4.6 again with all the options, still facing the same issue. Thanks, Ganesh J On Tue, J

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Info OoDoO
Configured Squid 3.4.6 again with all the options, still facing the same issue. Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:55 PM, Nyamul Hassan wrote: > We were in the same problem just a few days ago. Can you recompile and check? > > Also, since you are compiling, then can you also try the la

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Nyamul Hassan
We were in the same problem just a few days ago. Can you recompile and check? Also, since you are compiling, then can you also try the latest stable version 3.4.6? Regards HASSAN On Wed, Jul 9, 2014 at 12:24 AM, Info OoDoO wrote: > Sorry, I installed it recently and it was not there when i co

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Info OoDoO
Sorry, I installed it recently and it was not there when I compiled and configured squid from source. Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:52 PM, Info OoDoO wrote: > Yes.. it is installed.. > > libcap-devel.x86_64 2.16-5.5.el6 @base > > Thanks, > Ganesh J > >

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Info OoDoO
Yes.. it is installed.. libcap-devel.x86_64 2.16-5.5.el6 @base Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:49 PM, Nyamul Hassan wrote: >>> For your kind attention, i have not installed Squid 3.1.10 from YUM. I >>> have Compiled and installed from the source with th

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Nyamul Hassan
>> For your kind attention, i have not installed Squid 3.1.10 from YUM. I >> have Compiled and installed from the source with the following >> options. >> >> http://pastebin.com/jFhzd3qj >> Oh! If you did compile it, then can you check if you have "libcap-devel" installed? Regards HASSAN

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Info OoDoO
+Eliezer Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:46 PM, Info OoDoO wrote: > Sorry for the other mail chain. it was opened accidentally yesterday. > > Thanks for the response. > > please find the required data below. > > http://pastebin.com/Abs3QmMe --> cache.log > > http://pastebin.com/eS94B

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Info OoDoO
Sorry for the other mail chain. it was opened accidentally yesterday. Thanks for the response. please find the required data below. http://pastebin.com/Abs3QmMe --> cache.log http://pastebin.com/eS94BHHu --> TCP Dump. I was able to see the site logged in access.log with http code 504, Gateway

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Nyamul Hassan
Ok. Good so far. I saw you opened another email about this. Please keep related discussions in one single thread. We had similar TProxy issues around 7-8 days ago. From your emails, it seems you are running CentOS 6.5, just like we are. The difference is that you are using Squid 3.1 which is

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Info OoDoO
Thanks Hassan, Yes I have the following settings done. Please see the details in the pastebin http://pastebin.com/YzKDSV7J --> Find Results. http://pastebin.com/XhZYiDxm -->sysctl.conf Thanks, Ganesh J On Tue, Jul 8, 2014 at 2:29 PM, Nyamul Hassan wrote: > tcpdump shows traffic flowing both

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Nyamul Hassan
tcpdump shows traffic flowing both ways, which is good. We also need to have the following settings: # sysctl.conf net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.eth0.rp_filter = 0 net.ipv4.conf.eth1.rp_filter = 0 The last two lines are

Re: [squid-users] TPROXY Squid Error.

2014-07-08 Thread Info OoDoO
Thanks Hassan, I have covered all the steps except the WCCP Configuration, coz I don't use WCCP Router. I tried discovering for Routing loop and was unable to find any, Could you please help me How to Find a Routing loop. Here is my Squid Conf and my TCPdump sample. http://pastebin.com/aJskfywx -

Re: [squid-users] TPROXY Squid Error.

2014-07-07 Thread Nyamul Hassan
Did you check the possibility of a routing loop as described in the troubleshooting section of the TProxy wiki page? In fact, can you check that you have covered all the steps mentioned in that section? Regards HASSAN On Tue, Jul 8, 2014 at 2:37 AM, Info OoDoO wrote: > Thanks Hassan, > > Now th

Re: [squid-users] TPROXY Squid Error.

2014-07-07 Thread Info OoDoO
Thanks Hassan, Now the request are passing through Squid but Failing with "110 Connection Timed Out" Error. When I use transparent Mode its working fine. Any Idea..!! Thanks, Ganesh J Thanks, OodoO Fiber, +91 8940808080 www.oodoo.co.in On Tue, Jul 8, 2014 at 1:16 AM, Nyamul Hassan wrote: > Hi

Re: [squid-users] TPROXY Squid Error.

2014-07-07 Thread Nyamul Hassan
Hi Ganesh, In your "basic data" pastebin, seems like the "ip rule" and "ip route" rules are missing. Please see if running the following commands helps the situation: * echo 100 squidtproxy >> /etc/iproute2/rt_tables * ip rule add fwmark 1 lookup 100 * ip route add local default dev lo table 100

Re: [squid-users] TPROXY Squid Error.

2014-07-07 Thread Nyamul Hassan
Can you also pastebin your squid.conf? Regards HASSAN On Tue, Jul 8, 2014 at 12:53 AM, collect oodoo wrote: > I have configured squid with the options in the below paste .. > http://pastebin.com/jFhzd3qj > I packets are being forwarded from the cache box to internet and i'm > able to see the Cli

[squid-users] TPROXY Squid Error.

2014-07-07 Thread collect oodoo
I have configured squid with the options in the below paste .. http://pastebin.com/jFhzd3qj I packets are being forwarded from the cache box to internet and I'm able to see the Client Public address instead of squid Box Public Address.. the Issue here is the requests are not being forwarded by or t

Re: [squid-users] TProxy Setup

2014-07-06 Thread Nyamul Hassan
Just filed the bug: http://bugs.squid-cache.org/show_bug.cgi?id=4078 Regards HASSAN On Sun, Jul 6, 2014 at 9:29 PM, Nyamul Hassan wrote: > The problem has been found! I did not have libcap-devel installed. > This is a primary requirement for TProxy. > > Nonetheless, Squid also does not throw a

Re: [squid-users] TProxy Setup

2014-07-06 Thread Nyamul Hassan
The problem has been found! I did not have libcap-devel installed. This is a primary requirement for TProxy. Nonetheless, Squid also does not throw any error during runtime. It opens the TProxy port, in spite of not having it compiled. This is a bug. Thank you Eliezer for your extensive help in

Re: [squid-users] TProxy Setup

2014-07-06 Thread Nyamul Hassan
On Sun, Jul 6, 2014 at 6:32 PM, Amos Jeffries wrote: >> >> Does that help in anyway, or am I barking up the wrong tree? > > > This is the right direction. The next thing is to find out why the accepted > socket has an error flag attached to it by TcpAcceptor. > > (Eliezer will have to help you wit

Re: [squid-users] TProxy Setup

2014-07-06 Thread Amos Jeffries
On 2014-07-06 23:09, Nyamul Hassan wrote: Dear Amos, I was working with Eliezer with the debug_options in Squid, and with a ALL,9 option, captured the relevant log for a request from Incognito Chrome on client: http://pastebin.com/WWYpxceG I am trying to understand the flow within Squid: Line_

Re: [squid-users] TProxy Setup

2014-07-06 Thread Nyamul Hassan
Dear Amos, I was working with Eliezer with the debug_options in Squid, and with an ALL,9 option, captured the relevant log for a request from Incognito Chrome on client: http://pastebin.com/WWYpxceG I am trying to understand the flow within Squid: Line_1-7 shows that the packet was received Line_

Re: [squid-users] TProxy Setup

2014-07-06 Thread Nyamul Hassan
Dear Amos, Thank you for your suggestion! The browser on the client is Chrome. Interestingly, when I try to open any link in Chrome, it tries 3 times. But, when we try from an "Incognito Mode" window, it makes only one request. Moreover, there are "two" routers: one for Host -> Rtr1 -> Squid an

Re: [squid-users] TProxy Setup

2014-07-06 Thread Amos Jeffries
On 2014-07-06 20:18, Nyamul Hassan wrote: Thanks for the video, Eliezer! The Mikrotik configuration part was quite interesting! New Basic Data: http://pastebin.com/ULT2d4Ej Debug (All,1 89,9 17,3) http://pastebin.com/0Ycgtea2 Just one request from the client browser was made. The destination

Re: [squid-users] TProxy Setup

2014-07-06 Thread Nyamul Hassan
Thanks for the video, Eliezer! The Mikrotik configuration part was quite interesting! New Basic Data: http://pastebin.com/ULT2d4Ej Debug (All,1 89,9 17,3) http://pastebin.com/0Ycgtea2 Just one request from the client browser was made. The destination is also a server under our control. http:/

Re: [squid-users] TProxy Setup

2014-07-06 Thread Eliezer Croitoru
Hey Hassan, I have found this interesting proxy setup in youtube: http://www.youtube.com/watch?v=S65Gp79YHu8 Which is exactly what you need for your case. I also see now that mikrotik routers do make it very simple to setup. Note that this setup uses a upstream proxy which is using port 8080 an

Re: [squid-users] TProxy Setup

2014-07-05 Thread Eliezer Croitoru
Hey Hassan, OK so after looking at the debug script: - you don't have squid running at the time that the script ran.(no port 3129 listening) - I need the relevant ALL,1 89,9 debug specifically.. All any other debug sections I do not care about right now. I see you are running CentOS by the ke

Re: [squid-users] TProxy Setup

2014-07-05 Thread Nyamul Hassan
Thank you Eliezer for your email. We have been able to get the information into pastebin as follows: Squid.conf http://pastebin.com/QGCfXbCk ./basic_data.sh http://pastebin.com/EP8kB8MU Debug (All,9) http://pastebin.com/WWYpxceG We already were reading the full debug logs, when your email arriv

Re: [squid-users] TProxy Setup

2014-07-05 Thread Eliezer Croitoru
Hey, I cannot tell you it's the case since I do not tend to verify that tproxy works on every squid release due to the basic small changes that happen from minor version to the other. I test it on the first major release such as 3.3 and 3.4 and then don't tend to check it later. But I am not

Re: [squid-users] TProxy Setup

2014-07-05 Thread Nyamul Hassan
I apologize Eliezer if my words meant that Squid in general was flawed. On the contrary, we have been using Squid 2 for almost 6 years over multiple proxies, and have only found it to be among the exceptional open source softwares out there. And, the community behind Squid also compares to the to

Re: [squid-users] TProxy Setup

2014-07-04 Thread Eliezer Croitoru
Hey, I am not sure if you understand your question which is: "I have a software that works on many many many many systems around the world, Why is it not working for me? because of the setup or because of the software?" I would not say that computers are saints or that software are perfect bu

Re: [squid-users] TProxy Setup

2014-07-04 Thread Nyamul Hassan
Dear Amos, We just found a small software: https://github.com/kristrev/tproxy-example As the author put it: The example transparent proxy application accepts TCP connections on the specified port (set to 9876 in tproxy_test.h) and attempts a TCP connection to the original host. If it is successfu

Re: [squid-users] TProxy Setup

2014-07-04 Thread Nyamul Hassan
> That is the problem then. Something is blocking the traffic arriving at Squid > listening port. selinux, rp_filter or ip_forward sysctl settings I usually > find are the problem for this, although there have been a few cases where > nobody could figure out why this was happening. > We might b

Re: [squid-users] TProxy Setup

2014-07-04 Thread Amos Jeffries
Just some quick answers to your questions inline below. (I've not had time to consider this in detail sorry.) On 2014-07-04 03:03, Nyamul Hassan wrote: Thank you Amos & Eliezer for your responses! Amos, we have enabled debug_options 11,2, but that did not show any HTTP request being received b

Re: [squid-users] TProxy Setup

2014-07-03 Thread Nyamul Hassan
Thank you Amos & Eliezer for your responses! Amos, we have enabled debug_options 11,2, but that did not show any HTTP request being received by Squid, not even after doing the changes that Eliezer suggested. But they did show up, when we reverted back to "http_port 3127 intercept" related configu

Re: [squid-users] TProxy Setup

2014-07-02 Thread Eliezer Croitoru
Hey There, You have seem to use the wrong rules in ip route and maybe something else. I need more for the picture to understand what and how you implemented it. What I need is the IP and wires topology. Wccp is not good for you(maybe) but the examples are perfect from any aspect. Take a peek at

Re: [squid-users] TProxy Setup

2014-07-02 Thread Amos Jeffries
On 2014-07-03 12:01, Nyamul Hassan wrote: Hi, We are trying to run Squid 3.4.6 with TProxy. Earlier we used to run Squid 2.7.Stable9 in "transparent" mode with a DNAT rule on the router box to redirect traffic. This being our first jibe at Squid3, we have successfully configured "intercept" mo

[squid-users] TProxy Setup

2014-07-02 Thread Nyamul Hassan
Hi, We are trying to run Squid 3.4.6 with TProxy. Earlier we used to run Squid 2.7.Stable9 in "transparent" mode with a DNAT rule on the router box to redirect traffic. This being our first jibe at Squid3, we have successfully configured "intercept" mode with the router doing a policy-based rout

Re: [squid-users] TPROXY surf as client

2014-06-21 Thread Amos Jeffries
On 21/06/2014 7:46 p.m., Omid Kosari wrote: > We have full TPROXY in our network . Is there a way to surf an address with > clients IP addresses ? Send HTTP requests from the client machine, or re-allocate the IP address to a test machine and request from there. > Lets think we have 1000 ip addre

[squid-users] TPROXY surf as client

2014-06-21 Thread Omid Kosari
We have full TPROXY in our network . Is there a way to surf an address with clients IP addresses ? Lets think we have 1000 ip addresses . I want Squid opens google.com with those 1000 IPs . Something like fake traffic from different users . I know i may use squidclient or a script on squid box but

Re: [squid-users] Tproxy mode on Debian 7 Table does not exist

2014-02-27 Thread Amos Jeffries
u > Sent: Wednesday, February 26, 2014 3:18 PM > To: squid-users@squid-cache.org > Subject: Re: [squid-users] Tproxy mode on Debian 7 Table does not exist > > You should use "-t mangle" instead of "tproxy" > > Good luck, > Eliezer > > On 26/02/2014

Re: [squid-users] Tproxy mode on Debian 7 Table does not exist

2014-02-27 Thread David Touzeau
Thanks Eliezer, But using tmangle allows me to use tproxy in Squid http_port ? -Original Message- From: Eliezer Croitoru Sent: Wednesday, February 26, 2014 3:18 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Tproxy mode on Debian 7 Table does not exist You s

Re: [squid-users] Tproxy mode on Debian 7 Table does not exist

2014-02-26 Thread Eliezer Croitoru
You should use "-t mangle" instead of "tproxy" Good luck, Eliezer On 26/02/2014 13:57, David Touzeau wrote: uname -a report #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 80 iptables v1.4.14: can't initialize iptab

[squid-users] Tproxy mode on Debian 7 Table does not exist

2014-02-26 Thread David Touzeau
Hi all I’m trying to implement the Tproxy mode on Debian 7 without success. Has anybody successfully implemented it on Debian 7? I have setup this : modprobe -a nf_tproxy_core xt_TPROXY xt_socket xt_mark ip_gre gre lsmod |grep proxy nf_tproxy_core 12404 1 xt_TPROXY uname -a re

Re: [squid-users] TPROXY does not redirect to squid port

2014-02-04 Thread Amos Jeffries
On 4/02/2014 6:40 a.m., Peter Warasin wrote: > Hi guys > > OMG, found the issue. It was a stupid config mistake. > For the records: Setup is squid on a bridge. I configured as default > gateway the ip address of the bridge instead of the hop behind the bridge. > Maybe it was you or maybe not. Th

Re: [squid-users] TPROXY does not redirect to squid port

2014-02-03 Thread Peter Warasin
Hi guys OMG, found the issue. It was a stupid config mistake. For the records: Setup is squid on a bridge. I configured as default gateway the ip address of the bridge instead of the hop behind the bridge. Thank you all for your help and suggestions peter -- :: e n d i a n :: security with pa

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-31 Thread Peter Warasin
hi Madhav On 01/30/2014 02:28 PM, Madhav V Diwan wrote: > You do not by any chance have EBtables (bridge iptables) enabled do > you? Maybe you have a ACL there that is in the way? yes, I have, but I flushed everything before these tests. also I see packets coming in in iptables INPUT chain. p

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-30 Thread Madhav V Diwan
Peter You do not by any chance have EBtables (bridge iptables) enabled do you? Maybe you have a ACL there that is in the way? Madhav -Original Message- From: Peter Warasin To: Madhav V Diwan Subject: Re: [squid-users] TPROXY does not redirect to squid port Date: Wed, 29 Jan 2014

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-29 Thread Eliezer Croitoru
Thanks, Sorry but sometimes the emails somehow delayed or not being delivered to me from unknown reason yet. Eliezer On 29/01/14 22:37, Amos Jeffries wrote: Eliezer, He has already checked and confirmed it is on the arrival (accept() syscall) where things are going wrong. Amos

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-29 Thread Amos Jeffries
On 2014-01-30 01:12, Eliezer Croitoru wrote: Hey Peter, Was tested more in depth inside CentOS 6.5. SELINUX enforcing must be down unless there is strict rules that allows the usage of tproxy. To test it and make sure it works in the basic level you can add a "cache_peer" with the option "no-tp

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-29 Thread Eliezer Croitoru
Hey Peter, Was tested more in depth inside CentOS 6.5. SELINUX enforcing must be down unless there is strict rules that allows the usage of tproxy. To test it and make sure it works in the basic level you can add a "cache_peer" with the option "no-tproxy". It will allow you to see that the ba

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-29 Thread Peter Warasin
binding squid to 0.0.0.0 .. > that might make squid bind to both the bridge and the eth interface .. > which would make things interesting > > > > -Original Message- > From: Madhav V Diwan > To: Peter Warasin > Cc: Amos Jeffries , squid-users@squid-cache.org >

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-28 Thread Eliezer Croitoru
Hey Peter, Lets start from 0 back again. What OS is it? What is the client IP address? What is the machine IP address? Is it using one interface or more? What is the DNS and what is the GW for this machine? Did you had the chance of looking at: http://wiki.squid-cache.org/ConfigExamples/UbuntuTp

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-28 Thread Madhav V Diwan
to clarify: your squid conf and your tproxy iptables rules work when you set up squid on port 80 They also work when you bind squid to port 8080 .. But you don't want to bind squid to port 80 because you want apache there ... sounds like you need to find out why you can't bind to port 18080.. or

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-28 Thread Madhav V Diwan
things interesting -Original Message- From: Madhav V Diwan To: Peter Warasin Cc: Amos Jeffries , squid-users@squid-cache.org Subject: Re: [squid-users] TPROXY does not redirect to squid port Date: Tue, 28 Jan 2014 11:04:12 -0500 to clarify: your squid conf and your tproxy iptables rules

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-28 Thread Peter Warasin
hi guys On 01/28/2014 02:30 PM, Madhav V Diwan wrote: > Have you made certain that squid in the squid configuration file > ( /etc/squid/squid.conf) is listening on port 80 ( the destination port > in your iptables rules) port 80? squid is listening on port 18080, where the tproxy rule "redirect

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-28 Thread Peter Warasin
Hi Amos Thank you for the prompt reply! On 01/27/2014 10:04 PM, Amos Jeffries wrote: >> I proved with iptables logging rules that routing is correct, because >> packets are coming in the INPUT chain instead of FORWARD and are marked >> as they should be. > > Good. > Are there any rules in there

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-28 Thread Madhav V Diwan
Simple question to Peter, Have you made certain that squid in the squid configuration file ( /etc/squid/squid.conf) is listening on port 80 ( the destination port in your iptables rules) and have you checked tcpwrappers , or selinux? I see you've posted your iptables rules , but I don't see your

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-27 Thread Amos Jeffries
On 2014-01-28 06:18, Peter Warasin wrote: hi guys I configured a transparent proxy environment using TPROXY following the howto on the squid wiki http://wiki.squid-cache.org/Features/Tproxy4 I setup a tproxy port in squid on port 18080 and created the following iptables rule: -A PREROUTING -p

Re: [squid-users] TPROXY does not redirect to squid port

2014-01-27 Thread Eliezer Croitoru
Hey Peter, Tproxy is working and pretty nice for many users. You are probably missing couple rules in iptables and might not understand fully tproxy effects. I still don't understand the issue. What OS are you using? If you can tell me more about the system I might be able to understand the

[squid-users] TPROXY does not redirect to squid port

2014-01-27 Thread Peter Warasin
hi guys I configured a transparent proxy environment using TPROXY following the howto on the squid wiki http://wiki.squid-cache.org/Features/Tproxy4 I setup a tproxy port in squid on port 18080 and created the following iptables rule: -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 18080 --t

Re: [squid-users] TPROXY and non http protocols

2013-12-27 Thread Amos Jeffries
On 28/12/2013 4:12 a.m., Alfredo Rezinovsky wrote: > What squid does in a TPROXY configuration when a client tries to use a > non-http protocol in port 80? > > ToR for example tries port 80. There's a way to squid to seamlessly pass > through the connection when there's not an http conversation?

Re: [squid-users] TPROXY and non http protocols

2013-12-27 Thread Eliezer Croitoru
Hey Alfredo, It is up to the admin to decide if it's OK or not. Basic squid http_port doesn't allow this kind of option to prevent abusing of the proxy server for many protocols other than web. Port 80 is a strict http\web port which should never be used for the purpose of non http content.

[squid-users] TPROXY and non http protocols

2013-12-27 Thread Alfredo Rezinovsky
What squid does in a TPROXY configuration when a client tries to use a non-http protocol in port 80? ToR for example tries port 80. There's a way to squid to seamlessly pass through the connection when there's not an http conversation? -- Alfrenovsky

Re: [squid-users] tproxy and url-rewrite

2013-09-02 Thread Eliezer Croitoru
On 09/02/2013 11:00 PM, Alfredo Rezinovsky wrote: > I have a squid with tproxy and url-rewrite > > Some url-rewrites goes to localhost > > OK rewrite-url="http://127.0.0.1/"; > > The problem is that squid does the request using the original client IP > (as tproxy has to) and localhost can't

[squid-users] tproxy and url-rewrite

2013-09-02 Thread Alfredo Rezinovsky
I have a squid with tproxy and url-rewrite Some url-rewrites goes to localhost OK rewrite-url="http://127.0.0.1/"; The problem is that squid does the request using the original client IP (as tproxy has to) and localhost can't answer. there's a way to force a tcp_outgoing address (or disa

Re: [squid-users] tproxy and DNS

2013-08-21 Thread Amos Jeffries
On 21/08/2013 12:51 a.m., Alfredo Rezinovsky wrote: With tproxy squid uses the original source IP address as source IP for the request There's a way to force the use of the original server destination IP instead of using a DNS query? This is the default for intercepted traffic in Squid-3.2 a

[squid-users] tproxy and DNS

2013-08-20 Thread Alfredo Rezinovsky
With tproxy squid uses the original source IP address as source IP for the request There's a way to force the use of the original server destination IP instead of using a DNS query? -- Alfrenovsky

Re: [squid-users] TPROXY not working in FreeBSD

2013-06-13 Thread Eliezer Croitoru
I am unsure but I am almost sure you need to compile TPROXY support in FreeBSD kernel and it's not out of the box. I might be imagining but this is how it was the last time I tried it. Eliezer On 6/12/2013 7:36 PM, Georgios Androulidakis wrote: Hello, I am trying to use the TPROXY feature in

Re: [squid-users] TPROXY not working in FreeBSD

2013-06-12 Thread Amos Jeffries
On 13/06/2013 4:36 a.m., Georgios Androulidakis wrote: Hello, I am trying to use the TPROXY feature in FreeBSD 9.1 but when I start squid I get the following error message: 2013/06/12 18:51:47| FATAL: http(s)_port: TPROXY support in the system does not work. FATAL: Bungled /usr/local/etc/squ

[squid-users] TPROXY not working in FreeBSD

2013-06-12 Thread Georgios Androulidakis
Hello, I am trying to use the TPROXY feature in FreeBSD 9.1 but when I start squid I get the following error message: 2013/06/12 18:51:47| FATAL: http(s)_port: TPROXY support in the system does not work. FATAL: Bungled /usr/local/etc/squid/squid.conf line 12: http_port 3128 tproxy Squid Cac

Re: [squid-users] tproxy on squid 2.7 errors

2013-05-29 Thread Amos Jeffries
On 29/05/2013 4:55 p.m., neeraj kharbanda wrote: Hi, this is my scenario router(linux eth0).eth2(lusca)..eth1(wan) policy routing done for clients to reach to lusca (clients on private ips 172.16.x.x) lusca can ping clients and internet Please be aware that Lusca proxy is n

[squid-users] tproxy on squid 2.7 errors

2013-05-28 Thread neeraj kharbanda
Hi, this is my scenario router(linux eth0).eth2(lusca)..eth1(wan) policy routing done for clients to reach to lusca (clients on private ips 172.16.x.x) lusca can ping clients and internet tproxy redirection done as per : iptables -t mangle -N DIVERT iptables -t mangle -A DIVE

Re: [squid-users] tproxy configuration

2013-02-25 Thread Amos Jeffries
On 25/02/2013 3:00 p.m., Roman Gelfand wrote: Amos, Do you have an idea as to what I am doing wrong here? Unfortunately no. All the things that were wrong have apparently been fixed without affecting the outcome. There is nothing more I can suggest besides a double-triple-check of the enti

Re: [squid-users] tproxy configuration

2013-02-24 Thread Roman Gelfand
Amos, Do you have an idea as to what I am doing wrong here? Thanks, On Fri, Feb 22, 2013 at 12:40 PM, Roman Gelfand wrote: > Thanks for taking time to help me out. > > If I understood you correctly, I think I made the changes you > mentioned including iptables -A FORWARD -i eth0 -j ACCEPT line.

Re: [squid-users] tproxy configuration

2013-02-22 Thread Roman Gelfand
Thanks for taking time to help me out. If I understood you correctly, I think I made the changes you mentioned including iptables -A FORWARD -i eth0 -j ACCEPT line. still no luck. Below, is the is the diagnostics. Chain PREROUTING (policy ACCEPT 13 packets, 8499 bytes) pkts bytes target pr

Re: [squid-users] tproxy configuration

2013-02-21 Thread Amos Jeffries
On 22/02/2013 5:07 p.m., Roman Gelfand wrote: On Thu, Feb 21, 2013 at 6:10 PM, Amos Jeffries wrote: On 22/02/2013 11:03 a.m., Roman Gelfand wrote: Please, find below the network topology, squid.conf and rc.local configuration files. It appears that the squid is not routing the http request

Re: [squid-users] tproxy configuration

2013-02-21 Thread Roman Gelfand
On Thu, Feb 21, 2013 at 6:10 PM, Amos Jeffries wrote: > On 22/02/2013 11:03 a.m., Roman Gelfand wrote: >> >> Please, find below the network topology, squid.conf and rc.local >> configuration files. It appears that the squid is not routing the >> http requests. I am not sure what I am doing wro

Re: [squid-users] tproxy configuration

2013-02-21 Thread Amos Jeffries
On 22/02/2013 11:03 a.m., Roman Gelfand wrote: Please, find below the network topology, squid.conf and rc.local configuration files. It appears that the squid is not routing the http requests. I am not sure what I am doing wrong here Please note, the same squid.conf works on transparent proxy

[squid-users] tproxy configuration

2013-02-21 Thread Roman Gelfand
Please, find below the network topology, squid.conf and rc.local configuration files. It appears that the squid is not routing the http requests. I am not sure what I am doing wrong here Please note, the same squid.conf works on transparent proxy (non tproxy), for the exception of tproxy keyword

[squid-users] TPROXY Configuration

2013-02-06 Thread Roman Gelfand
I have configured the tproxy as follows, but it appears packets are not hitting squid. Please note, the wccp configuration on the router is already working with squid http_port transparent configuration and, obviously, different iptables configuration. Any help is appreciated. Thanks in advance.

Re: [squid-users] TPROXY

2013-02-05 Thread Amos Jeffries
On 6/02/2013 3:33 p.m., Roman Gelfand wrote: Is content filtering possible with tproxy? If yes, would somebody have a working iptable configuration for tproxy? Thanks in advance Yes. And there are several working configurations in the Squid wiki. Amos

[squid-users] TPROXY

2013-02-05 Thread Roman Gelfand
Is content filtering possible with tproxy? If yes, would somebody have a working iptable configuration for tproxy? Thanks in advance

Re: [squid-users] TPROXY with IPv6

2012-12-21 Thread Amos Jeffries
On 21/12/2012 5:59 a.m., Steve Hill wrote: On 20.12.12 13:58, Paweł Mojski wrote: Search the list archives. I posted working config for ipv6 few months ago. Thanks - I found your config: http://www.squid-cache.org/mail-archive/squid-users/201206/0281.html It didn't explain how it could work w

Re: [squid-users] TPROXY with IPv6

2012-12-20 Thread Steve Hill
On 20.12.12 13:58, Paweł Mojski wrote: Search the list archives. I posted working config for ipv6 few months ago. Thanks - I found your config: http://www.squid-cache.org/mail-archive/squid-users/201206/0281.html It didn't explain how it could work when Squid only binds the tproxy socket to t

Re: [squid-users] TPROXY with IPv6

2012-12-20 Thread Paweł Mojski
On 2012-12-20 10:48, Steve Hill wrote: Squid's TPROXY sockets only seem to bind to the IPv4 stack - Some Googling suggests it can be made to work with IPv6, but I've not found anything explaining how. What am I missing? Thanks. Search the list archives. I posted working config for ipv

[squid-users] TPROXY with IPv6

2012-12-20 Thread Steve Hill
Squid's TPROXY sockets only seem to bind to the IPv4 stack - Some Googling suggests it can be made to work with IPv6, but I've not found anything explaining how. What am I missing? Thanks. -- - Steve Hill Technical Director Opendium Limited http://www.opendium.com Direct contac

Re: [squid-users] Tproxy without spoofed source address

2012-11-29 Thread Eliezer Croitoru
On 11/29/2012 3:31 PM, Nick Fennell wrote: Hey Steve, OK so, for your internal (LAN) traffic, why put it through TPROXY at all? Why not exclude it from the redirect into the TPROXY engine and allow it to proxy through "organically"? As well you know, if TPROXY sees the traffic in one directio

Re: [squid-users] Tproxy without spoofed source address

2012-11-29 Thread Nick Fennell
Hey Steve, OK so, for your internal (LAN) traffic, why put it through TPROXY at all? Why not exclude it from the redirect into the TPROXY engine and allow it to proxy through "organically"? As well you know, if TPROXY sees the traffic in one direction, it needs to see it in the other. My sugg

[squid-users] Tproxy without spoofed source address

2012-11-28 Thread Steve Hill
I need to transparently proxy traffic, and the best way to do this seems to be to use tproxy, since that allows IPv6 traffic to be supported. However, when using tproxy, Squid spoofs the client's source address when making the connection to the web server - this is something I don't need, and

Re: [squid-users] TPROXY Timeouts on Select Websites

2012-10-23 Thread Matthew Goff
On Mon, Oct 22, 2012 at 10:40 PM, Amos Jeffries wrote: > If I am reading that correctly you are saying the ICMPv6 'too big' packets > are not going to Squid, but to the client machine? > Which would make it a TPROXY bug, since the outbound connection from Squid > is where the MTU should be lowered

Re: [squid-users] TPROXY Timeouts on Select Websites

2012-10-23 Thread Eliezer Croitoru
On 10/23/2012 1:53 PM, Matthew Goff wrote: I don't know if Squid had already processed the packets for re-writing before Wireshark displays them or not, so I'll check a tcpdump at the router itself to see where it originally directed the packet to before my Squid box had any chance to mangle it.
