[Firehol-support] squid tproxy support

David Touzeau david at articatech.com
Sun Mar 29 00:32:05 GMT 2015


Hi, I'm currently testing the Tproxy mode feature.

I have an issue: the local Squid proxy claims a loop back to itself.

I have set this:


FIREHOL_LOG_PREFIX="FIREHOL:"
FIREHOL_TPROXY_MARK="0xffff"
FIREHOL_TPROXY_IP_ROUTE_TABLE="999"
FIREHOL_TPROXY_ROUTE_DEVICE="lo"
home_ips="192.168.1.0/24"

tproxy 80 port 3128

The rule correctly catches the computers' requests, but Squid claims:


2015/03/29 01:29:01 kid1| WARNING: Forwarding loop detected for:
GET /server-status/?auto HTTP/1.1
Host: localhost.touzeau.biz
Via: 1.1 routeur.touzeau.biz (squid/3.5.2-20150327-r13784)
Cache-Control: max-age=2592000
Connection: keep-alive


It seems that when the proxy catches a request and wants to forward it
to the Internet, it is caught by the tproxy rule too and loops.

How do I set the rule in order to prevent it from catching the proxy's own requests?

Best regards



On 15/02/2015 14:37, Tsaousis, Costa wrote:
> Hi David,
>
> Check this: https://github.com/ktsaou/firehol/issues/25#issuecomment-38622207
>
> I think it is already in v2, but keep in mind this is untested. The
> requester never responded if it works or not, this is why the issue is
> still open.
>
> If you have problems with it, post a comment on the github link above,
> to have everything related in one place.
> Please, if it works for you, let us know to close the issue.
>
> Costa
>
>
> On Sun, Feb 15, 2015 at 3:12 PM, David Touzeau <david at articatech.com> wrote:
>> Hi
>>
>> I'm currently using the 2.0 version
>> I would like to enable the transparent squid method using the tproxy mode.
>> Is there a macro that can perform this step?
>>
>> Best regards