Squid3 + Tproxy

[manzke]

Ola sou novo no fórum, estou precisando de uma ajuda. Estou montando um servidor Debian 7 com kernel 3.21 com squid3 e tproxy, estou tendo algum problema que não estou conseguindo resolver e peco a vocês uma ajudinha. Meu iptables esta assim:

iptables -t mangle -F
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1/1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 1/1 --on-port 3128


Meu squid.conf assim:

#Porta default do proxy

http_port 3128 tproxy


#Cache

cache_mem 1024 mb

maximum_object_size_in_memory 20480 kb

cache_swap_low 90

cache_swap_high 95

cache_dir ufs /var/spool/squid3 2048 16 256

cache_access_log /var/log/squid3/access.log

refresh_pattern ^ftp: 15 20% 2280

refresh_pattern ^gopher: 15 0% 2280

refresh_pattern . 15 20% 2280


#Regras de acesso para rede local

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl SSL_ports port 443 563

acl Safe_ports port 80 #http

acl Safe_ports port 21 #ftp

acl Safe_ports port 70 #gopher

acl Safe_ports port 210 #wais

acl Safe_ports port 280 #http-mgmt

acl Safe_ports port 488 #gss-http

acl Safe_ports port 591 #filemaker

acl Safe_ports port 777 #multiling http

acl Safe_ports port 901 #swat

acl Safe_ports port 443 563 #https e snews

acl Safe_ports port 1025-65535 #portas altas

acl purge method PURGE

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

http_access deny purge

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports


error_directory /usr/share/squid3/errors/Portuguese


acl redelocal src 172.0.0.0/8

http_access allow redelocal

http_access allow localhost

http_access deny all


## Icones ##

icon_directory /usr/share/squid3/icons

short_icon_urls on


#Cache windowsupdate ( Faz cache do Windows Update ) ##

refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

refresh_pattern www.download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims

refresh_pattern download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims

refresh_pattern www.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims





........



Bom o erro e' o seguinte, chega a requisição mas o iptables não esta redirecionando para a porta 3128, e se eu mandar via proxy a mensagem no squid.log 'e TCP_MISS/000


Bom espero que alguém consiga me ajudar.
Agradeço desde ja.