Search squid archive

Re: TPROXY Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jamie Orzechowski wrote:

I am back trying to solve my tproxy issues.
Running Ubuntu server with Kernel 2.6.28-11-server, iptables v1.4.3.1, squid 3.1.0.6
I am able to browse transparently but proxy test sites still detect the cache. 

http://www.whatismyip.com says the following

Your IP Address Is 66.78.98.25
Other IPs Detected: 66.78.102.2
Possible Proxy Detected: 1.1 cache-01.ripnet.com (squid/3.1.0.6)

Why is this site detecting my proxy??



1) spoofing only occur between Squid and client.
2) whatsmyip etc use other methods than source IP address to detect proxies. From the info it gave its telling you it checked and found the Via header. 

Amos



----------------------------------------------------
Squid Cache: Version 3.1.0.6
configure options: '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid3' '--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--with-cppunit-basedir=/usr' '--enable-inline' '--enable-async-io=32' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--with-filedescriptors=65536' '--with-default-user=proxy' '--enable-linux-netfilter' --with-squid=/tmp/squid-3.1.0.6 --enable-ltdl-convenience 

TPROXY Rules

/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129 

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

echo 1 > /proc/sys/net/ipv4/ip_forward






--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
  Current Beta Squid 3.1.0.6
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux