Re: [squid-users] Squid and iptables

2020-02-14 Thread Amos Jeffries
On 11/02/20 4:48 am, L.P.H. van Belle wrote: > Hai, > > I'm having a squid 4.10 on Debian 10 running ( with strongswan VPN ) and ufw > firewall (iptables) > Most is running fine but i still see some error and i somehow miss here what > im doing wrong. > You may not be doing anything. INVA

Re: [squid-users] squid and iptables

2018-10-13 Thread morteza omidian
Cat I Keep Connection marks when I use Tproxy??! Is "acl aclname clientside_mark mark[/mask]" directive only works on squid4 and up??Can i use it in squid3?Is only way to installing squid4 download the source code?? Tank You On Saturday, October 13, 2018, 10:03:33 AM GMT+3:30, Amos Jeffrie

Re: [squid-users] squid and iptables

2018-10-12 Thread Amos Jeffries
On 13/10/18 6:08 PM, morteza omidian wrote: > tanx again. > Ok, if I want to know connmark of packets and connection in squid and > then select them with an ACL inside of squid  and then again mark them > with "tcp_outgoing_mark", is that possible?? > Yes. > In this page

Re: [squid-users] squid and iptables

2018-10-12 Thread morteza omidian
tanx again.Ok, if I want to know connmark of packets and connection in squid and then select them with an ACL inside of squid  and then again mark them with "tcp_outgoing_mark", is that possible?? In this page i don't see what you said!The ACL that be configured only match with clients source

Re: [squid-users] squid and iptables

2018-10-12 Thread Amos Jeffries
On 13/10/18 5:13 AM, morteza omidian wrote: > > Tank you, I see it now. > It does not help me, I want to have an acl to select traffic (HTTP > traffic that comes from client to squid) that have a specific packet > mark and then send them out with another mark. like this: > In iptables-mangle-PRERO

Re: [squid-users] squid and iptables

2018-10-12 Thread morteza omidian
Tank you, I see it now.It does not help me, I want to have an acl to select traffic (HTTP traffic that comes from client to squid) that have a specific packet mark and then send them out with another mark. like this:In iptables-mangle-PREROUTING:  iptables -t mangle -A PREROUTING -p tcp --dpo

Re: [squid-users] squid and iptables

2018-10-12 Thread Antony Stone
On Friday 12 October 2018 at 16:41:44, morteza omidian wrote: > HiI asked my question before.It seems that anybody can not answer it!! Did you miss the response from Amos? http://lists.squid-cache.org/pipermail/squid-users/2018-October/019389.html > As you know, we can mark packets when they go