On Mon, 10 Aug 2009 20:30:05 -0300, Carlos Botejara <cbotejara@xxxxxxxxx> wrote:
> OK.
>
> Ok. I did what you told me, modified the rule, but nothing happened ..
> everything remains the same
> Rule amended
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

Hm, okay. Then you need to find out exactly how the clients are connecting
to that site and why it's not working.

Amos

>
> 2009/8/9 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
>> On Sun, 9 Aug 2009 10:58:23 -0300, Carlos Botejara <cbotejara@xxxxxxxxx>
>> wrote:
>>> hi, this is my first post here.
>>> I have a problem, but first I describe the scenario
>>> I have clients with public IP
>>> Mikrotik router redirecting traffic to SQUID
>>> Squid 3.1 with support for TPROXY
>>> Iptables 1.4.4 with support for TPROXY
>>> Debian Lenny / Kernel 2.6.28 with support for TPROXY
>>>
>>> well.
>>> The proxy works as well, and when I made some test pages whatismyip,
>>> shows that the ip is the CLIENT.
>>> However. I can not get my clients with public IP address
>>> simultaneously downloading from RapidShare / Megaupload ETC. The error
>>> shown within these pages is the typical already are downloading from
>>> that ip, so if viewing RapidShare IP SQUID in reality and not the
>>> client. How fix this?
>>>
>>> the configuration file of squid in the harbor is well
>>>
>>> http_port 81 tproxy
>>>
>>> Iptables:
>>>
>>> iptables -t mangle -N DIVERT
>>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>>> iptables -t mangle -A DIVERT -j ACCEPT
>>> iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 81
>>
>> You have this rule ass-backwards.
>>
>> TPROXY is intended to intercept port 80 traffic, not port 3128 traffic.
>> When the client is NOT configured to use the proxy. The HTTP request
>> formats are noticeably different. It's trivially easy to detect those
>> differences and probably what rapidshare is doing.
>>
>> Please go back and use the http://wiki.squid-cache.org/Features/Tproxy4
>> documentation and configuration example.
>>
>>>
>>> ip rule add fwmark 1 lookup 100
>>> ip route add local 0.0.0.0/0 dev lo table 100
>>>
>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>>
>>> Mikrotik:
>>> Have a rule in the firewall to redirect all traffic to port 80 of the
>>> SQUID to the IP, port 3128
>>>
>>> All clients create sessions PPPOE in Router Mikrotik
>>>
>>> May help?
>>>
>>> Regards
>>
>> Amos
>>
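
The reply quoted above notes that the HTTP request format differs depending on whether the client is configured to use a proxy. The following is an added example, not part of the thread and not Squid code: it classifies the request-target form (RFC 7230 section 5.3) of constructed sample requests. The function name, field names and sample requests are hypothetical.

```python
import re

# A request-target that starts with a URI scheme is absolute-form (RFC 7230 5.3.2).
ABSOLUTE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")
# Headers a client only sends when it knows it is talking to a proxy.
PROXY_HEADERS = {"proxy-connection", "proxy-authorization"}

def classify_request(raw: bytes) -> dict:
    """Report the request-target form and any proxy-only headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line: %r" % lines[0])
    method, target, _version = parts
    if method == "CONNECT":
        form = "authority-form"   # tunnel request, only ever sent to a proxy
    elif target == "*":
        form = "asterisk-form"    # server-wide OPTIONS
    elif ABSOLUTE.match(target):
        form = "absolute-form"    # client is configured to use a proxy
    elif target.startswith("/"):
        form = "origin-form"      # client believes it talks to the origin server
    else:
        raise ValueError("unrecognised request-target: %r" % target)
    names = {l.split(":", 1)[0].strip().lower() for l in lines[1:] if ":" in l}
    hints = sorted(names & PROXY_HEADERS)
    written_for_proxy = form in ("absolute-form", "authority-form") or bool(hints)
    return {"form": form, "proxy_headers": hints,
            "written_for_proxy": written_for_proxy}

# Constructed samples: what arrives on an intercepted port 80 connection
# versus what a proxy-configured browser sends to a proxy port.
SAMPLE_INTERCEPTED = (b"GET /files/1.bin HTTP/1.1\r\n"
                      b"Host: example.com\r\nConnection: keep-alive\r\n\r\n")
SAMPLE_CONFIGURED = (b"GET http://example.com/files/1.bin HTTP/1.1\r\n"
                     b"Host: example.com\r\nProxy-Connection: keep-alive\r\n\r\n")
SAMPLE_TUNNEL = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_INTERCEPTED, SAMPLE_CONFIGURED, SAMPLE_TUNNEL):
        print(classify_request(sample))
```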