> Hi,
>
> Here is my situation :
>
> * CentOS 5.2 ( my own built kernel 2.6.25.11-TProxy-ReiserFS with this
>   patch : http://www.balabit.com/downloads/files/tproxy/tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2 )
> * iptables v1.4.3-rc1 ( ftp://ftp.netfilter.org/pub/iptables/snapshot/iptables-20090206.tar.bz2 )
> * squid 3.1.0.5 RC ( http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.0.5.tar.bz2 ) and compiled with these
>   options : "'--enable-poll' '--enable-storeio=aufs,diskd,ufs'
>   '--with-pthreads' '--enable-removal-policies=heap,lru' '--enable-linux-netfilter'
>   '--enable-useragent-log' '--enable-referer-log' '--enable-underscores'
>   '--disable-dependency-tracking' '--disable-ident-lookups' '--with-large-files'
>   '--enable-follow-x-forwarded-for' '--enable-cache-digests' '--enable-delay-pools'
>   '--enable-truncate' '--prefix=/usr' '--localstatedir=/var' '--sysconfdir=/etc/squid'
>   '--with-logdir=/var/log/squid' '--enable-wccpv2' '--enable-wccp'
>   '--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
>   '--with-filedescriptors=8192' --with-squid=/usr/src/squid-3.1.0.5
>   --enable-ltdl-convenience\"
> * with following iptables rules :
>
> [root@CACHE1 squid-3.1.0.5]# service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
>
> Table: mangle
> Chain PREROUTING (policy ACCEPT)
> num  target     prot opt source               destination
> 1    DIVERT     tcp  --  0.0.0.0/0            0.0.0.0/0           socket
> 2    TPROXY     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
>
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> num  target     prot opt source               destination
>
> Chain DIVERT (1 references)
> num  target     prot opt source               destination
> 1    MARK       all  --  0.0.0.0/0            0.0.0.0/0           MARK xset 0x1/0xffffffff

I'm suspecting the mark of "0x1/0xffffffff" originally in the tutorial
was a typo. Does it work any better when you change that to "0x1/0x1" ?

Amos

> 2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>
> [root@CACHE1 squid-3.1.0.5]#
>
> * With following iproute2 rules :
>
> [root@CACHE1 squid-3.1.0.5]# ip ru list
> 0:      from all lookup 255
> 32765:  from all fwmark 0x1 lookup 100
> 32766:  from all lookup main
> 32767:  from all lookup default
> [root@CACHE1 squid-3.1.0.5]# ip ro list table 100
> local default dev lo  scope host
> [root@CACHE1 squid-3.1.0.5]#
>
> * with following http_port line in squid : http_port 3129 tproxy
>
> Everything seems to be working and squid runs with these messages
> in cache.log :
>
> 2009/02/07 22:22:43| Accepting spoofing HTTP connections at 0.0.0.0:3129, FD 16.
>
> My requests seem to be redirected to port 3129 as I expected and the
> pages are loading properly. But the problem is that when I go to site
> http://myipaddress.co.uk/ it gives me the cache ip address instead of my
> own client ip address. Here is the tethereal output for one of my requests :
>
> [root@CACHE1 ~]# tethereal host 213.171.218.15 -n
>
> Running as user "root" and group "root". This could be dangerous.
> Capturing on eth1
>   0.000000 85.247.162.18 -> 213.171.218.15 HTTP GET / HTTP/1.1
>   0.000004 213.171.218.15 -> 85.247.162.18 TCP 80 > 39571 [ACK] Seq=1 Ack=386 Win=62 Len=0 TSV=11294071 TSER=2135261
>   0.000006 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=11294071 TSER=0 WS=7
>   0.199523 213.171.218.15 -> 85.247.162.2 TCP 80 > 35330 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
>   0.199533 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=1 Ack=1 Win=5888 Len=0 TSV=11294268 TSER=0
>   0.199603 85.247.162.2 -> 213.171.218.15 HTTP GET / HTTP/1.0
>   0.504191 213.171.218.15 -> 85.247.162.2 TCP [TCP segment of a reassembled PDU]
>   0.504199 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=451 Ack=1449 Win=8832 Len=0 TSV=11294570 TSER=52303830
>   0.504241 213.171.218.15 -> 85.247.162.2 HTTP HTTP/1.1 200 OK (text/html)
>   0.504246 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=451 Ack=2083 Win=11648 Len=0 TSV=11294570 TSER=52303830
>   0.504359 213.171.218.15 -> 85.247.162.18 HTTP HTTP/1.0 200 OK (text/html)
>   0.504364 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP traffic
>   0.504402 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP traffic
>   0.514428 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386 Ack=1449 Win=3386 Len=0 TSV=2135390 TSER=11294570
>   0.514577 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386 Ack=1579 Win=3386 Len=0 TSV=2135390 TSER=11294570
>   0.517022 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386 Ack=2213 Win=4110 Len=0 TSV=2135390 TSER=11294570
>
> Where my client ip address is 85.247.162.18 and my cache server ip
> address is 85.247.162.2. This means that the client ip spoofing is not
> working with tproxy4. Can anyone guide me?
>
> --
> Regards
> Hamid Hashemi
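The capture in the post is the decisive evidence: the SYN toward the origin server is sourced from the cache's own address (85.247.162.2) rather than the client's, so whatever the rules look like, TPROXY spoofing is not in effect. The following is an added example, not code from the thread, from Squid or from the netfilter project: a small Python checker that reads tethereal/tshark one-line summaries of the kind shown above and reports which addresses originate the upstream TCP connections to the origin server. If spoofing works, every pure SYN toward the server carries a client address; if the proxy's address shows up as a SYN source, spoofing has failed. The summary-line layout matched by `LINE_RE` and `PORTS_RE` is an assumption based on the format quoted in the post; the first sample is a constructed excerpt built from the addresses and ports in the post, and the second is a constructed counterpart of what a working spoofed exchange would look like.

```python
import re

# Addresses as stated in the post (client, cache/proxy, origin server).
CLIENT_IP = "85.247.162.18"
PROXY_IP = "85.247.162.2"
SERVER_IP = "213.171.218.15"

# Constructed excerpt modelled on the tethereal capture quoted in the thread
# (addresses, ports and timestamps taken from it; TSV/TSER fields dropped).
SAMPLE_CAPTURE = """\
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
  0.000000 85.247.162.18 -> 213.171.218.15 HTTP GET / HTTP/1.1
  0.000004 213.171.218.15 -> 85.247.162.18 TCP 80 > 39571 [ACK] Seq=1 Ack=386 Win=62 Len=0
  0.000006 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
  0.199523 213.171.218.15 -> 85.247.162.2 TCP 80 > 35330 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
  0.199533 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=1 Ack=1 Win=5888 Len=0
  0.199603 85.247.162.2 -> 213.171.218.15 HTTP GET / HTTP/1.0
  0.504241 213.171.218.15 -> 85.247.162.2 HTTP HTTP/1.1 200 OK (text/html)
  0.504359 213.171.218.15 -> 85.247.162.18 HTTP HTTP/1.0 200 OK (text/html)
"""

# Constructed counterpart: the same exchange once the proxy spoofs the client
# address, so the upstream SYN and GET carry the client's IP.
SPOOFED_CAPTURE = """\
Capturing on eth1
  0.000000 85.247.162.18 -> 213.171.218.15 HTTP GET / HTTP/1.1
  0.000006 85.247.162.18 -> 213.171.218.15 TCP 35330 > 80 [SYN] Seq=0 Win=5840 Len=0 MSS=1460
  0.199523 213.171.218.15 -> 85.247.162.18 TCP 80 > 35330 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0
  0.199603 85.247.162.18 -> 213.171.218.15 HTTP GET / HTTP/1.0
"""

# Assumed one-line summary layout: "<time> <src> -> <dst> <proto> <info>".
LINE_RE = re.compile(
    r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+"
    r"(?P<proto>\S+)\s+(?P<info>.*)$"
)
# TCP info field: "<sport> > <dport> [<flags>] ..." (assumed layout).
PORTS_RE = re.compile(r"(?P<sport>\d+) > (?P<dport>\d+) \[(?P<flags>[^\]]+)\]")


def parse_capture(text):
    """Parse summary lines into dicts; banner lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. "Capturing on eth1"
        pkt = m.groupdict()
        pm = PORTS_RE.search(pkt["info"])
        pkt["sport"] = int(pm["sport"]) if pm else None
        pkt["dport"] = int(pm["dport"]) if pm else None
        pkt["flags"] = pm["flags"] if pm else ""
        packets.append(pkt)
    return packets


def upstream_syn_sources(packets, server_ip, server_port=80):
    """Source addresses of pure SYNs toward server:port, i.e. who opened the connection."""
    return sorted({
        p["src"] for p in packets
        if p["dst"] == server_ip and p["dport"] == server_port and p["flags"] == "SYN"
    })


def http_request_sources(packets, server_ip):
    """Source addresses of HTTP requests seen heading to the server (client and proxy both appear on an intercepting box)."""
    return sorted({
        p["src"] for p in packets
        if p["dst"] == server_ip and p["proto"] == "HTTP" and p["info"].startswith("GET")
    })


def check_spoofing(text, client_ip, proxy_ip, server_ip):
    """Decide from the capture whether the proxy's upstream connection used the client's address."""
    packets = parse_capture(text)
    syn_srcs = upstream_syn_sources(packets, server_ip)
    return {
        "syn_sources": syn_srcs,
        "request_sources": http_request_sources(packets, server_ip),
        "proxy_ip_leaked": proxy_ip in syn_srcs,
        "spoofing_works": client_ip in syn_srcs and proxy_ip not in syn_srcs,
    }


if __name__ == "__main__":
    for label, cap in (("as posted", SAMPLE_CAPTURE), ("spoofing working", SPOOFED_CAPTURE)):
        r = check_spoofing(cap, CLIENT_IP, PROXY_IP, SERVER_IP)
        print(f"{label}: SYN sources {r['syn_sources']} -> spoofing_works={r['spoofing_works']}")
```

Run it against the real `tethereal host <server> -n` output captured on the cache box's outbound interface; a `proxy_ip_leaked` result means the rules, the `http_port ... tproxy` line and Squid's TPROXY support need to be re-checked together, because the mark and routing table in the post only handle the return path, and do nothing if Squid never binds the client address in the first place.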