Re: Should "Transparent web-caching" work with ppp0/pptp? (It doesn't...)

Dear Pascal,

  Thank you for your reply (Merci).

  Just to restate my issue:  I am trying to get outbound packets
destined for TCP port 80 tunneled through a pptp VPN (out the ppp0
interface).


Diagram of what I am trying to accomplish:

[my server] ---pptp--> [VPN server] --> website

> Where is the squid proxy ?

There is none.  Instead of going through squid, the packets must go
through the VPN.  There is some kind of transparent proxy in the VPN,
because when I route packets destined to a particular website (by
static route using the website's IP address) via the VPN server, the
webserver records HTTP access from the VPN server.

But instead of using select static routes, we want to do this for all
port 80 packets: route them through the VPN server.

[my server] ---pptp--> [VPN server] --> websites


>> Should this work with an ppp0 interface?
>
> Sure. The interface type makes no difference.

Ok.  Here is my trouble:  Connection times out.

# telnet www.google.com 80
Trying 74.125.93.99...
telnet: connect to address 74.125.93.99: Connection timed out

Thanks for explaining about the OUTPUT and the marking.  Here is what
I have now:

My server:  38.98.245.202

pppd: local  IP address 192.168.2.131
pppd: remote IP address 192.168.2.125


[root@vulture ~]# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
MARK       tcp  --  anywhere             anywhere            tcp dpt:http MARK set 0x2

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
[root@vulture ~]#


[root@vulture ~]# ip rule ls
0:      from all lookup 255
32765:  from all fwmark 0x2 lookup www.out
32766:  from all lookup main
32767:  from all lookup default
[root@vulture ~]# ip route list table www.out
default via 192.168.2.125 dev ppp0
[root@vulture ~]# ip route
192.168.2.125 dev ppp0  proto kernel  scope link  src 192.168.2.133
69.15.192.18 via 38.98.245.201 dev eth0  src 38.98.245.202
38.98.245.200/29 dev eth0  proto kernel  scope link  src 38.98.245.202
169.254.0.0/16 dev eth0  scope link
default via 38.98.245.201 dev eth0
[root@vulture ~]#

I've checked and disabled source validation aka reverse-path filtering
for ppp0, thanks for that tip!

echo 0 > /proc/sys/net/ipv4/conf/ppp0/rp_filter

I've confirmed source validation is disabled on all interfaces.

(/proc/sys/net/ipv4/conf/all/rp_filter=0)

Now my outgoing port 80 connections are hanging...   What can I do next, please?

Best,
Aleksey
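As an added example (not code from the thread), a small Python resolver that replays the `ip rule ls` and route listings quoted above: it shows which table and device a packet carrying fwmark 0x2 is routed through, and compares the source address the unmarked (main table) lookup would have selected with the address configured on the device the marked lookup picks, because a MARK set in mangle OUTPUT re-routes a locally generated packet but does not change the source address that was already chosen for it. The rule and route text is constructed from the post; the function names are mine.

```python
import ipaddress, re

# Constructed sample input: the `ip rule ls` and route listings quoted in the post.
RULES = """\
0:      from all lookup 255
32765:  from all fwmark 0x2 lookup www.out
32766:  from all lookup main
32767:  from all lookup default
"""
TABLES = {
    "www.out": "default via 192.168.2.125 dev ppp0\n",
    "main": ("192.168.2.125 dev ppp0  proto kernel  scope link  src 192.168.2.133\n"
             "38.98.245.200/29 dev eth0  proto kernel  scope link  src 38.98.245.202\n"
             "default via 38.98.245.201 dev eth0\n"),
}

def parse_rules(text):
    """Return (priority, fwmark-or-None, table) tuples in priority order."""
    found = re.findall(r"(\d+):\s+from \S+(?: fwmark (0x[0-9a-f]+))? lookup (\S+)", text)
    return sorted(((int(p), int(m, 16) if m else None, t) for p, m, t in found), key=lambda r: r[0])

def parse_routes(text):
    """Parse one `ip route list table X` listing into dicts with net/via/dev/src."""
    routes = []
    for words in (l.split() for l in text.splitlines() if l.strip()):
        r = {"net": ipaddress.ip_network("0.0.0.0/0" if words[0] == "default" else words[0], strict=False)}
        for key in ("via", "dev", "src"):
            if key in words:
                r[key] = words[words.index(key) + 1]
        routes.append(r)
    return routes

def lookup(dst, fwmark=None):
    """Policy-routing lookup: first matching rule whose table holds a route for dst."""
    ip = ipaddress.ip_address(dst)
    for _prio, mark, table in parse_rules(RULES):
        if mark is not None and mark != fwmark:
            continue  # rule requires a mark this packet does not carry
        hits = sorted((r for r in parse_routes(TABLES.get(table, "")) if ip in r["net"]),
                      key=lambda r: r["net"].prefixlen)
        if hits:  # longest prefix wins inside a table
            return {"table": table, "dev": hits[-1].get("dev"), "via": hits[-1].get("via")}

def egress_src_mismatch(dst, fwmark):
    """Source address comes from the unmarked lookup (made before mangle OUTPUT); the MARK only
    re-routes the packet. Flag when that address is not the one on the device the mark selects."""
    if_addr = {r["dev"]: r["src"] for r in parse_routes(TABLES["main"]) if "src" in r}
    unmarked, marked = lookup(dst), lookup(dst, fwmark)
    src = if_addr[unmarked["dev"]]
    return {"src": src, "dev": marked["dev"], "mismatch": src != if_addr.get(marked["dev"])}
```

For the listings in the post, `egress_src_mismatch("74.125.93.99", 0x2)` reports the packet leaving ppp0 with source 38.98.245.202, the eth0 address, which is the kind of asymmetry worth checking with tcpdump on ppp0 before looking elsewhere.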
