Search squid archive

RE: FW: Tproxy Help // Transparent works fine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 17 Jun 2009 10:28:35 -0700, "Alexandre DeAraujo" <alexd@xxxxxxx>
wrote:
>> Does access.log say anything is arriving at Squid?
>> Are you able to track the packets anywhere else?
>> 
>> Amos
> 
> Once the client tries to browse, the connection times out after 100-150
> seconds and displays the error page:
> The following error was encountered while trying to retrieve the URL:
> http://www.msn.com/
> 	Connection to 207.68.172.246 failed.
> The system returned: (110) Connection timed out
> The remote host or network may be down. Please try the request again.
> 
> ..and the following message will show on the access.log(at the same time
as
> the timeout page is showed on the browser)
> 1245254249.779 179970 192.168.10.3 TCP_MISS/504 4533 GET
> http://www.msn.com/ - DIRECT/207.68.173.76 text/html
> 1245254249.779 179970 192.168.10.3 TCP_MISS/504 4533 GET
> http://www.msn.com/ - DIRECT/207.68.173.76 text/html
> Nothing else will show in the access.log from the moment that the client
> tries to browse.
> 
> The following is the output of 'iptables -I INPUT -p tcp -j LOG'. Here is
> everything from the time the client tries to browse to when the
connection
> times out
> client ip = 192.168.10.3
> squid ip = 192.168.20.10
> msn.com ip = 207.68.172.246
> 
> Jun 17 10:09:20 kernel: IN=wccp2 OUT= MAC= SRC=192.168.10.3
> DST=192.168.20.10 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=4652 DF PROTO=TCP
> SPT=3920 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x1 
> Jun 17 10:09:20 kernel: IN=wccp2 OUT= MAC= SRC=192.168.10.3
> DST=192.168.20.10 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4653 DF PROTO=TCP
> SPT=3920 DPT=3128 WINDOW=65535 RES=0x00 ACK URGP=0 MARK=0x1 
> Jun 17 10:09:20 kernel: IN=wccp2 OUT= MAC= SRC=192.168.10.3
> DST=192.168.20.10 LEN=968 TOS=0x00 PREC=0x00 TTL=127 ID=4654 DF PROTO=TCP
> SPT=3920 DPT=3128 WINDOW=65535 RES=0x00 ACK PSH URGP=0 MARK=0x1 

... show several packets where client is connecting straight to squid IP as
a regular proxy!!

(I assume squid handles the requests and spoofs the client IP:  
192.168.10.3->207.68.172.246)

> Jun 17 10:09:20 kernel: IN=wccp2 OUT= MAC= SRC=192.168.10.3
> DST=207.68.172.246 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=46343 DF PROTO=TCP
> SPT=34661 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x1 
> Jun 17 10:09:20 kernel: IN=wccp2 OUT= MAC= SRC=192.168.10.3
> DST=207.68.172.246 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4655 PROTO=TCP
> SPT=34661 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1 

... router catches packets between 192.168.10.3->207.68.172.246 and send
them to Squid for handling...


(I assume squid handles the requests and spoofs the client IP:  
192.168.10.3->207.68.172.246)

> Jun 17 10:09:23 kernel: IN=wccp2 OUT= MAC= SRC=192.168.10.3
> DST=207.68.172.246 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=46344 DF PROTO=TCP
> SPT=34661 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 MARK=0x1 
> Jun 17 10:09:23 kernel: IN=wccp2 OUT= MAC= SRC=192.168.10.3
> DST=207.68.172.246 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=4656 PROTO=TCP
> SPT=34661 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 MARK=0x1 

... router catches packets between 192.168.10.3->207.68.172.246 and send
them to Squid for handling...

... IF my assumption about where each of those packets is originating is
true. It seems like a triangle of doom.


IMO Squid needs to be given a dedicated _interface_ on the router. And any
packets coming from that _interface_ be exempted from WCCP route-back.


Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux