Re: [squid-users] IPv6 and TPROXY

mail: elie...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Monday, August 21, 2017 17:27 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY On 21/08/17 03:31, Amos Jeffries w

Re: [squid-users] IPv6 and TPROXY

ail: elie...@ngtech.co.il -Original Message- From: Walter H. [mailto:walte...@mathemainzel.info] Sent: Saturday, August 19, 2017 23:23 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello, not really, I must live with the fact, that I can'

Re: [squid-users] IPv6 and TPROXY

On 21/08/17 03:31, Amos Jeffries wrote: On 20/08/17 23:47, Eliezer Croitoru wrote: I would be happy to write the article if I would have known how to disable tproxy for the outgoing traffic. There is nothing to document, it is not configurable. Oop. I had forgotten about

Re: [squid-users] IPv6 and TPROXY

zer Croitoru Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Sunday, August 20, 2017 18:32 To: Eliezer Croitoru ; squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY O

Re: [squid-users] IPv6 and TPROXY

On 20/08/17 23:47, Eliezer Croitoru wrote: I am still waiting for couple answers about the system and the setup. Also to resolve the issue it will be required to know if the issue is on squid side or the kernel side(ipv6 related) or iptables rules. All of the above will allow us to help Walter m

Re: [squid-users] IPv6 and TPROXY

ists.squid-cache.org] On Behalf Of Amos Jeffries Sent: Sunday, August 20, 2017 03:45 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY On 20/08/17 12:08, Eliezer Croitoru wrote: > You can use tproxy but you will need to somehow make it so squid will do > "NAT&qu

Re: [squid-users] IPv6 and TPROXY

On 20/08/17 12:08, Eliezer Croitoru wrote: You can use tproxy but you will need to somehow make it so squid will do "NAT" instead of only tproxy or to findout what is causing the issue to happen in the network layer of the connection. It can be a simple iptables rule which block traffic or anot

Re: [squid-users] IPv6 and TPROXY

Sent: Saturday, August 19, 2017 23:23 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello, not really, I must live with the fact, that I can't configure tproxy, as I can't update any kernel ... Walter On 19.08.2017 22:09, Elie

Re: [squid-users] IPv6 and TPROXY

mail: elie...@ngtech.co.il -Original Message- From: Walter H. [mailto:walte...@mathemainzel.info] Sent: Sunday, August 13, 2017 21:31 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello Eliezer yes, because all my Linux systems ar

Re: [squid-users] IPv6 and TPROXY

@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello Eliezer yes, because all my Linux systems are CentOS 6 ... the router/firewall has a rule -A FORWARD -i br0 -o sit1 -s ipv6prefix:0::/80 -m tcp -p tcp --dport 80 -j LOG --log-prefix "IPv6[FWD-HTTP(out)]: " --log-

Re: [squid-users] IPv6 and TPROXY

-Original Message- From: Walter H. [mailto:walte...@mathemainzel.info] Sent: Sunday, August 13, 2017 21:31 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello Eliezer yes, because all my Linux systems are CentOS 6 ... the router/firewall h

Re: [squid-users] IPv6 and TPROXY

From: Walter H. [mailto:walte...@mathemainzel.info] Sent: Saturday, August 12, 2017 22:03 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello Eliezer, not really, as I don't understand, which IP squid needs to listen to in my squid.conf I have thi

Re: [squid-users] IPv6 and TPROXY

: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello Eliezer, not really, as I don't understand, which IP squid needs to listen to in my squid.conf I have this: # Squid normally listens to port 3128 http_port 127.0.0.1:3128 http_port

Re: [squid-users] IPv6 and TPROXY

] Sent: Thursday, August 10, 2017 09:19 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: RE: [squid-users] IPv6 and TPROXY Hello Eliezer, it is a CentOS 6 box, br0 is a bridge device, connecting eth0 and wlan0 to one ip subnet/ipv6 prefix might this be a problem? the results

Re: [squid-users] IPv6 and TPROXY

-users@lists.squid-cache.org Subject: RE: [squid-users] IPv6 and TPROXY Hello Eliezer, it is a CentOS 6 box, br0 is a bridge device, connecting eth0 and wlan0 to one ip subnet/ipv6 prefix might this be a problem? the results of "sysctl -a |grep forward|grep v6": net.ipv6.conf.all.forw

Re: [squid-users] IPv6 and TPROXY

On 10/08/17 15:48, Walter H. wrote: Hello Eliezer ip -6 rule is this 0: from all lookup local 32765: from all fwmark 0x1 lookup 100 32766: from all lookup main the two commands where ip -f inet6 rule add fwmark 1 lookup 100 ip -f inet6 route add local default dev br0 table 100 ip6tabl

Re: [squid-users] IPv6 and TPROXY

- From: Walter H. [mailto:walte...@mathemainzel.info] Sent: Thursday, August 10, 2017 09:19 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: RE: [squid-users] IPv6 and TPROXY Hello Eliezer, it is a CentOS 6 box, br0 is a bridge device, connecting eth0 and wlan0 to one ip subnet

Re: [squid-users] IPv6 and TPROXY

- > From: Walter H. [mailto:walte...@mathemainzel.info] > Sent: Thursday, August 10, 2017 06:49 > To: Eliezer Croitoru > Cc: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] IPv6 and TPROXY > > Hello Eliezer > > ip -6 rule is this > > 0: from

Re: [squid-users] IPv6 and TPROXY

inistrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: Walter H. [mailto:walte...@mathemainzel.info] Sent: Thursday, August 10, 2017 06:49 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello Eliez

Re: [squid-users] IPv6 and TPROXY

le: +972-5-28704261 Email: elie...@ngtech.co.il -Original Message- From: Walter H. [mailto:walte...@mathemainzel.info] Sent: Thursday, August 10, 2017 06:49 To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] IPv6 and TPROXY Hello Eliezer ip -6 rule

Re: [squid-users] IPv6 and TPROXY

.org Subject: [squid-users] IPv6 and TPROXY Hello, I did at the ip6tables like this: https://wiki.squid-cache.org/Features/Tproxy4#iptables_on_a_Router_device iptables -t mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A

Re: [squid-users] IPv6 and TPROXY

tech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Walter H. Sent: Tuesday, August 8, 2017 17:15 To: squid-users@lists.squid-cache.org Subject: [squid-users] IPv6 and TPROXY Hello, I did at the ip6tables like this: https://

[squid-users] IPv6 and TPROXY

Hello, I did at the ip6tables like this: https://wiki.squid-cache.org/Features/Tproxy4#iptables_on_a_Router_device iptables -t mangle -N DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING -i br0 -p tcp -m socket -j DIV