Hi David!!!

I got the following with tcpdump:

On Squid Box: (command: tcpdump host myhost)

tcpdump: listening on en0
18:46:30.687660229 myhost.55611 > my_squid_server.8080: S 3489450780:3489450780(0) win 5840 <mss 1460,sackOK,timestamp 168050131 2113929216,nop,wscale 0> (DF)]
18:46:30.688073773 my_squid_server.8080 > myhost.55611: S 3222627183:3222627183(0) ack 3489450781 win 17520 <mss 1460>]
18:46:30.688311973 myhost.55611 > my_squid_server.8080: R 3489450781:3489450781(0) win 0 (DF)]
18:46:33.681623279 myhost.55611 > my_squid_server.8080: S 3489450780:3489450780(0) win 5840 <mss 1460,sackOK,timestamp 168050132 2852126720,nop,wscale 0> (DF)]
18:46:33.681830269 my_squid_server.8080 > myhost.55611: S 3223075183:3223075183(0) ack 3489450781 win 17520 <mss 1460>]
18:46:33.682081188 myhost.55611 > my_squid_server.8080: R 3489450781:3489450781(0) win 0 (DF)]
18:46:39.681520839 myhost.55611 > my_squid_server.8080: S 3489450780:3489450780(0) win 5840 <mss 1460,sackOK,timestamp 168050135 33554432,nop,wscale 0> (DF)]
18:46:39.681819038 my_squid_server.8080 > myhost.55611: S 3223907183:3223907183(0) ack 3489450781 win 17520 <mss 1460>]
18:46:39.682037258 myhost.55611 > my_squid_server.8080: R 3489450781:3489450781(0) win 0 (DF)]
18:46:51.681570105 myhost.55611 > my_squid_server.8080: S 3489450780:3489450780(0) win 5840 <mss 1460,sackOK,timestamp 168050139 2986344448,nop,wscale 0> (DF)]
18:46:51.682178726 my_squid_server.8080 > myhost.55611: S 3225507183:3225507183(0) ack 3489450781 win 17520 <mss 1460>]
18:46:51.682410411 myhost.55611 > my_squid_server.8080: R 3489450781:3489450781(0) win 0 (DF)]

On Firewall Box: (command: tcpdump host my_squid_server)

tcpdump: listening on eth0
18:39:46.966768 myhost.55603 > my_squid_server.webcache: S 2823996915:2823996915(0) win 5840 <mss 1460,sackOK,timestamp 71099749 0,nop,wscale 0> (DF)
18:39:49.966553 myhost.55603 > my_squid_server.webcache: S 2823996915:2823996915(0) win 5840 <mss 1460,sackOK,timestamp 71100049 0,nop,wscale 0> (DF)
18:39:51.962480 arp who-has my_squid_server tell my_firewall
18:39:51.962661 arp reply my_squid_server is-at 0:20:35:12:bf:28
18:39:55.967083 myhost.55603 > my_squid_server.webcache: S 2823996915:2823996915(0) win 5840 <mss 1460,sackOK,timestamp 71100649 0,nop,wscale 0> (DF)
18:40:07.968008 myhost.55603 > my_squid_server.webcache: S 2823996915:2823996915(0) win 5840 <mss 1460,sackOK,timestamp 71101849 0,nop,wscale 0> (DF)
18:40:31.969936 myhost.55603 > my_squid_server.webcache: S 2823996915:2823996915(0) win 5840 <mss 1460,sackOK,timestamp 71104249 0,nop,wscale 0> (DF)
18:40:36.962475 arp who-has my_squid_server tell my_firewall
18:40:36.962744 arp reply my_squid_server is-at 0:20:35:12:bf:28

On My Host Box: (command: tcpdump host my_squid_server)

tcpdump: listening on eth0
18:58:05.045512 arp who-has my_squid_server tell my_firewall
18:58:05.046222 my_squid_server.webcache > myhost.55641: S 1059540976:1059540976(0) ack 60485814 win 17520 <mss 1460>
18:58:05.046308 myhost.55641 > my_squid_server.webcache: R 60485814:60485814(0) win 0 (DF)
18:58:08.040984 my_squid_server.webcache > myhost.55641: S 1059988976:1059988976(0) ack 60485814 win 17520 <mss 1460>
18:58:08.041082 myhost.55641 > my_squid_server.webcache: R 60485814:60485814(0) win 0 (DF)
18:58:14.040980 my_squid_server.webcache > myhost.55641: S 1060820976:1060820976(0) ack 60485814 win 17520 <mss 1460>
18:58:14.041061 myhost.55641 > my_squid_server.webcache: R 60485814:60485814(0) win 0 (DF)
18:58:26.041192 my_squid_server.webcache > myhost.55641: S 1062420976:1062420976(0) ack 60485814 win 17520 <mss 1460>
18:58:26.041283 myhost.55641 > my_squid_server.webcache: R 60485814:60485814(0) win 0 (DF)
18:58:31.040055 arp who-has my_squid_server tell myhost
18:58:31.040263 arp reply my_squid_server is-at 0:20:35:12:bf:28

What do you think about this? Is this normal?

Thanks again,

Tiago Fioreze

********************************************
*          Network Administrator           *
*                                          *
*     Núcleo de Ciência da Computação      *
*   Universidade Federal de Santa Maria    *
* Santa Maria - Rio Grande do Sul - Brazil *
********************************************

Quoting David Correa <tech@linux-tech.com>:

>
> On Tue, May 14, 2002 at 05:25:51PM -0300, Tiago Fioreze wrote:
> >
> > --> IPTables:
> >
> > iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:8080
> > iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 8080 -j ACCEPT
> >
> >
> > The problem:
> >
> > The iptables changes the destination (from anywhere:80 to
> > squid-box:8080), but the SQUID didn't receive any packets on port 8080.
> >
>
> try this:
>
> iptables -t nat -A PREROUTING -p tcp -i $INET_IFACE --dport $SRPORT -j DNAT --to-destination $HOST:$DESTPORT
> iptables -t filter -A FORWARD -p tcp -d $HOST --dport $DESTPORT -j ACCEPT
>
> and use tcpdump, to see what is happening
>
> hope this helps.
>
> --
> David Correa
> Public Key http://www.linux-tech.com/linuxtech.asc
> Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
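
As an added example (not part of the original messages), the Python below reads tcpdump lines copied from the firewall and client captures above and checks for the pattern they show: the firewall forwards SYNs but sees no SYN-ACK, while the client receives SYN-ACKs straight from my_squid_server and answers each with RST. The function names are illustrative, and the parser assumes the old-style tcpdump line format seen in this thread.

```python
import re
from collections import Counter

# Old-style tcpdump TCP line: "<time> <src>.<port> > <dst>.<port>: <flags> <rest>"
LINE = re.compile(r"^\S+ (\S+)\.\w+ > (\S+)\.\w+: ([SFPR.]+) (.*)$")

def classify(line):
    """Return (src, dst, kind) for a TCP line, or None for ARP and other lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, dst, flags, rest = m.groups()
    if "S" in flags:
        kind = "SYN-ACK" if re.search(r"\back \d+", rest) else "SYN"
    else:
        kind = "RST" if "R" in flags else "OTHER"
    return src, dst, kind

def summarize(capture, client, server):
    """Count segment kinds per sender, and SYN-ACKs the client answered with RST."""
    counts, resets, prev = Counter(), 0, None
    for seg in filter(None, map(classify, capture.splitlines())):
        counts[(seg[0], seg[2])] += 1
        if seg == (client, server, "RST") and prev == (server, client, "SYN-ACK"):
            resets += 1
        prev = seg
    return counts, resets

def reply_bypasses_nat(nat_capture, client_capture, client, server):
    """True if the NAT box forwards SYNs, sees no SYN-ACK, and the client resets SYN-ACKs."""
    nat, _ = summarize(nat_capture, client, server)
    _, resets = summarize(client_capture, client, server)
    return nat[(client, "SYN")] > 0 and nat[(server, "SYN-ACK")] == 0 and resets > 0

# Lines taken from the firewall and client captures in the message above.
FIREWALL = """\
18:39:46.966768 myhost.55603 > my_squid_server.webcache: S 2823996915:2823996915(0) win 5840 <mss 1460,sackOK,timestamp 71099749 0,nop,wscale 0> (DF)
18:39:51.962480 arp who-has my_squid_server tell my_firewall
18:39:55.967083 myhost.55603 > my_squid_server.webcache: S 2823996915:2823996915(0) win 5840 <mss 1460,sackOK,timestamp 71100649 0,nop,wscale 0> (DF)
"""
CLIENT = """\
18:58:05.046222 my_squid_server.webcache > myhost.55641: S 1059540976:1059540976(0) ack 60485814 win 17520 <mss 1460>
18:58:05.046308 myhost.55641 > my_squid_server.webcache: R 60485814:60485814(0) win 0 (DF)
18:58:08.040984 my_squid_server.webcache > myhost.55641: S 1059988976:1059988976(0) ack 60485814 win 17520 <mss 1460>
18:58:08.041082 myhost.55641 > my_squid_server.webcache: R 60485814:60485814(0) win 0 (DF)
"""

if __name__ == "__main__":
    print(reply_bypasses_nat(FIREWALL, CLIENT, "myhost", "my_squid_server"))
```

A True result means the server's replies reach the client without passing back through the box that performed the DNAT, so the client sees a SYN-ACK from an address and port it never sent a SYN to.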