OK. Ok. I did what you told me, modified the rule, but nothing happened... everything remains the same.

Rule amended:

iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

2009/8/9 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
> On Sun, 9 Aug 2009 10:58:23 -0300, Carlos Botejara <cbotejara@xxxxxxxxx>
> wrote:
>> hi, this is my first post here.
>> I have a problem, but first I describe the scenario
>> I have clients with public IP
>> Mikrotik router redirecting traffic to SQUID
>> Squid 3.1 with support for TPROXY
>> Iptables 1.4.4 with support for TPROXY
>> Debian Lenny / Kernel 2.6.28 with support for TPROXY
>>
>> well.
>> The proxy works as well, and when I made some test pages whatismyip,
>> shows that the ip is the CLIENT.
>> However. I can not get my clients with public IP address
>> simultaneously downloading from RapidShare / Megaupload ETC. The error
>> shown within these pages is the typical already are downloading from
>> that ip, so if viewing RapidShare IP SQUID in reality and not the
>> client. How fix this?
>>
>> the configuration file of squid in the harbor is well
>>
>> http_port 81 tproxy
>>
>> Iptables:
>>
>> iptables -t mangle -N DIVERT
>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>> iptables -t mangle -A DIVERT -j ACCEPT
>> iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY
>> --tproxy-mark 0x1/0x1 --on-port 81
>
> You have this rule ass-backwards.
>
> TPROXY is intended to intercept port 80 traffic, not port 3128 traffic.
> When the client is NOT configured to use the proxy. The HTTP request
> formats are noticeably different. It's trivially easy to detect those
> differences and probably what rapidshare is doing.
>
> Please go back and use the http://wiki.squid-cache.org/Features/Tproxy4
> documentation and configuration example.
>
>>
>> ip rule add fwmark 1 lookup 100
>> ip route add local 0.0.0.0/0 dev lo table 100
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>>
>> Mikrotik:
>> Have a rule in the firewall to redirect all traffic to port 80 of the
>> SQUID to the IP, port 3128
>>
>> All clients create sessions PPPOE in Router Mikrotik
>>
>> May help?
>>
>> Regards
>
> Amos
>

--
Carlos Botejara
Area Sistemas
cbotejara@xxxxxxxxx
NEUQUEN - ARGENTINA
C: 0299-154060127
MSN: carlos.botejara@xxxxxxxxxxx
http://www.linkedin.com/in/carlosbotejara

This e-mail is addressed solely to the person or entity named as the recipient and may contain confidential and/or privileged information. Copying, forwarding, or distributing this message by persons or entities other than the recipient is prohibited. If you have received this e-mail in error, please contact the sender immediately and delete the material from any computer. This e-mail may be monitored in compliance with this policy.
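
An added example, not part of the original thread and not Squid project code: a small Python check for the two points the reply raises, that the TPROXY rule should match port 80 traffic and that its --on-port must be a port Squid declares with `http_port ... tproxy`. The function names are hypothetical, and the sample input is constructed from the rule and `http_port` line quoted in the first post.

```python
import shlex

# Constructed sample input: the rules and squid.conf line quoted in the first post.
SAMPLE_RULES = [
    "iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT",
    "iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY "
    "--tproxy-mark 0x1/0x1 --on-port 81",
]
SAMPLE_SQUID_CONF = "http_port 81 tproxy\n"


def tproxy_ports(squid_conf):
    """Return the ports squid.conf declares as 'http_port <port> tproxy'."""
    ports = set()
    for line in squid_conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 3 and fields[0] == "http_port" and "tproxy" in fields[2:]:
            # Accept both '3129' and 'addr:3129' forms.
            ports.add(int(fields[1].rsplit(":", 1)[-1]))
    return ports


def option(tokens, name):
    """Return the value following option `name`, or None if it is absent."""
    return tokens[tokens.index(name) + 1] if name in tokens[:-1] else None


def check(rules, squid_conf, intercepted_port=80):
    """Return a list of findings for every '-j TPROXY' rule in `rules`."""
    listening = tproxy_ports(squid_conf)
    findings = []
    for rule in rules:
        tokens = shlex.split(rule)
        if option(tokens, "-j") != "TPROXY":
            continue  # DIVERT/MARK/ACCEPT rules are not checked here
        dport, on_port = option(tokens, "--dport"), option(tokens, "--on-port")
        if dport != str(intercepted_port):
            findings.append(f"--dport is {dport}, expected {intercepted_port}")
        if on_port is None or int(on_port) not in listening:
            findings.append(f"--on-port {on_port} has no matching 'http_port ... tproxy'")
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_RULES, SAMPLE_SQUID_CONF):
        print(finding)
```

The thread does not say whether squid.conf was changed along with the amended rule, so run the check against the live file before drawing a conclusion about the --on-port 3129 rule.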