On 05/23/2017 01:17 PM, Vieri Di Paola wrote:
>
> From: Tom Eastep <[email protected]>
>>
>> Configure Squid for TPROXY on port 3129:
>>
>> http_port 3129 tproxy
>
>
> I already did. My squid configuration contains the following:
>
> http_port 3129 tproxy
> https_port 3130 tproxy ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=16MB cert=/etc/ssl/squid/proxyserver.pem
>
> In fact, in my mangle file I have:
>
> DIVERT $IF_WAN $PROXY_SOURCE_WAN tcp - 80
> TPROXY(3129) $IF_LAN:$PROXY_SOURCE_WAN $PROXY_DESTINATION_WAN tcp 80
> DIVERT $IF_WAN $PROXY_SOURCE_WAN tcp - 443
> TPROXY(3130) $IF_LAN:$PROXY_SOURCE_WAN $PROXY_DESTINATION_WAN tcp 443
>
> DIVERT $IF_WAN $PROXY_SOURCE_WAN_DMZ tcp - 80
> TPROXY(3129) $IF_DMZ:$PROXY_SOURCE_WAN_DMZ $PROXY_DESTINATION_WAN_DMZ tcp 80
> DIVERT $IF_WAN $PROXY_SOURCE_WAN_DMZ tcp - 443
> TPROXY(3130) $IF_DMZ:$PROXY_SOURCE_WAN_DMZ $PROXY_DESTINATION_WAN_DMZ tcp 443
>
>
> Clients behind $IF_LAN are successfully proxied. Clients behind
> $IF_DMZ are not.
>
I didn't find port 3129 in the output of 'ss' in the dump.

teastep@debianvm:~/shorewall/support/Vieri$ fgrep 3129 dump
647 60701 TPROXY tcp -- * * 0.0.0.0/0 0.0.0.0/0 TPROXY redirect 0.0.0.0:3129 mark 0x200/0x200
15 900 TPROXY tcp -- * * 0.0.0.0/0 0.0.0.0/0 TPROXY redirect 0.0.0.0:3129 mark 0x200/0x200
7631296678228 8321451172 0 0 0 34775881
teastep@debianvm:~/shorewall/support/Vieri$

Does 'ss -tnap | fgrep 3129' produce any output?

-Tom
--
Tom Eastep \ Q: What do you get when you cross a mobster with
Shoreline, \ an international standard?
Washington, USA \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
\_______________________________________________
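
The check asked for above, generalized slightly, as an added example that is not part of the original message or of Shorewall: it lists every port named in a TPROXY rule and reports those with no listening socket, comparing the port exactly so that substring hits like the counter line `fgrep 3129` matched in the dump do not count. The function names are hypothetical and the sample iptables and ss text is constructed.

```shell
#!/bin/sh
# Constructed samples. The 3129 rule line mirrors the dump above;
# the 3130 rule and all of the ss output are made up for illustration.
IPT_SAMPLE='  647 60701 TPROXY tcp -- * * 0.0.0.0/0 0.0.0.0/0 TPROXY redirect 0.0.0.0:3129 mark 0x200/0x200
   15   900 TPROXY tcp -- * * 0.0.0.0/0 0.0.0.0/0 TPROXY redirect 0.0.0.0:3130 mark 0x200/0x200'
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22      0.0.0.0:*     users:(("sshd",pid=612,fd=3))
LISTEN 0      128    127.0.0.1:31290 0.0.0.0:*     users:(("demo",pid=700,fd=5))
ESTAB  0      0      10.0.0.1:44000  10.0.0.9:3129
LISTEN 0      256    [::]:3130       [::]:*        users:(("squid",pid=2201,fd=14))'

# Print the unique ports named in "TPROXY redirect ADDR:PORT" rule lines
# (iptables -t mangle -nvL output on stdin).
tproxy_ports() {
    sed -n 's/.*TPROXY redirect [^ ]*:\([0-9][0-9]*\).*/\1/p' | sort -un
}

# Print the unique local ports of sockets in LISTEN state
# (ss -tnlp or ss -tnap output on stdin). The port is the text after the
# last colon of the local address, which also covers [::]:PORT.
listening_ports() {
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# missing_listeners IPTABLES_TEXT SS_TEXT
# Print each TPROXY target port that has no listener. grep -x compares the
# whole line, so 31290 or a peer port of 3129 does not satisfy 3129.
missing_listeners() {
    want=$(printf '%s\n' "$1" | tproxy_ports)
    have=$(printf '%s\n' "$2" | listening_ports)
    for p in $want; do
        printf '%s\n' "$have" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# On a live firewall (as root):
#   missing_listeners "$(iptables -t mangle -nvL)" "$(ss -tnlp)"
missing_listeners "$IPT_SAMPLE" "$SS_SAMPLE"
```

An empty result means every TPROXY port has a listener; any port printed is one where diverted traffic has nothing to accept it.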