Hi !

I have a problem with the transparent proxy feature using squid and the linux iproute utility - I want to remove squid from my main router - solution taken from the LARTC howto.

The problem is that packets marked by iptables are not routed to the destination squid machine - I know that marking is working because the counters in iptables are bigger.

My way:
- compiled kernel with required option - ADVANCED ROUTER etc.
- iptables compiled with new kernel
- required options to iptables:
PREROUTING -s 10.10.32.61 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
- table to rt_tables:
echo 202 www.out >> /etc/iproute2/rt_tables
- ip rule command:
ip rule add fwmark 2 table www.out
- ip route command (squid machine is in a different network than router)
ip route add default via 10.10.21.2 via 10.10.20.1 dev eth0 table www.out
- iptables on squid (I can't see any regular traffic coming to port 80 with tcpdump - there is no "port forwarding" and the counters are not changing):
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080


Everything was set like in the LARTC howto.

Conf: kernel 2.4.22, iptables 1.2.8a, iproute2 2.4.7 (rpm rh9).

greetz
boka
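
Added example (not part of the original post and not taken from the LARTC howto): a Python cross-check of the four router-side lines quoted above, confirming that the iptables mark matches the ip rule fwmark, that the table names agree, and that the route names one gateway on a directly connected network. The function name and the CONNECTED networks are assumptions constructed for illustration; the post does not give the router's interface addresses.

```python
import ipaddress
import shlex

def _after(tokens, *keys):
    """Every token that directly follows one of `keys`."""
    return [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in keys]

def _mark(text):
    """Marks may be decimal or 0x hex, optionally with a /mask suffix."""
    return int(text.split("/")[0], 0)

def check_policy_routing(mangle_rule, rt_entry, ip_rule, ip_route, connected):
    """Cross-check the four router-side pieces; return a list of findings."""
    findings = []
    set_mark = _after(shlex.split(mangle_rule), "--set-mark")
    fwmark = _after(shlex.split(ip_rule), "fwmark")
    if not set_mark or not fwmark or _mark(set_mark[0]) != _mark(fwmark[0]):
        findings.append(f"mark mismatch: --set-mark {set_mark} vs fwmark {fwmark}")

    table_id, table_name = rt_entry.split()
    route = shlex.split(ip_route)
    for label, used in (("rule", _after(shlex.split(ip_rule), "table", "lookup")),
                        ("route", _after(route, "table"))):
        if not used or used[0] not in (table_id, table_name):
            findings.append(f"ip {label} uses table {used}, rt_tables has {table_name}")

    gateways = _after(route, "via")
    if len(gateways) > 1 and "nexthop" not in route:
        findings.append(f"route names {len(gateways)} gateways with 'via': {gateways}")
    nets = [ipaddress.ip_network(n) for n in connected]
    for gw in gateways:
        if not any(ipaddress.ip_address(gw) in n for n in nets):
            findings.append(f"gateway {gw} is not on a directly connected network")
    return findings

# Router-side lines as posted above.
MANGLE = "PREROUTING -s 10.10.32.61 -i eth0 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2"
RT_ENTRY = "202 www.out"
IP_RULE = "ip rule add fwmark 2 table www.out"
IP_ROUTE = "ip route add default via 10.10.21.2 via 10.10.20.1 dev eth0 table www.out"
# CONSTRUCTED: the post does not give the router's interface networks.
CONNECTED = ["10.10.20.0/24", "10.10.32.0/24"]

if __name__ == "__main__":
    for finding in check_policy_routing(MANGLE, RT_ENTRY, IP_RULE, IP_ROUTE, CONNECTED):
        print("CHECK:", finding)
```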


