problem solved. in squid.conf x_forwarded deny localhost ;)

regards

2009/8/12 Carlos Botejara <cbotejara@xxxxxxxxx>:
> The problem is the http header.
> check the traffic and saw that x_forwarded header has the following format:
> x_forwarded: client-ip, ip-proxy1, ip-proxy2.
> In my header, the client ip is there, but there is also the ip of the squid.
> the question is: How do I only see the ip of the client and remove the
> ip of the squid from header?
>
> 2009/8/10 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
>> On Mon, 10 Aug 2009 20:30:05 -0300, Carlos Botejara <cbotejara@xxxxxxxxx>
>> wrote:
>>> OK.
>>>
>>> Ok. I did what you told me, modify the rule, but nothing happened ..
>>> everything remains the same
>>> Rule amended
>>> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark
>>> 0x1/0x1 --on-port 3129
>>
>> Hm, okay. Then you need to find out exactly how the clients are connecting
>> to that site and why it's not working.
>>
>> Amos
>>
>>>
>>> 2009/8/9 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
>>>> On Sun, 9 Aug 2009 10:58:23 -0300, Carlos Botejara <cbotejara@xxxxxxxxx>
>>>> wrote:
>>>>> hi, this is my first post here.
>>>>> I have a problem, but first I describe the scenario
>>>>> I have clients with public IP
>>>>> Mikrotik router redirecting traffic to SQUID
>>>>> Squid 3.1 with support for TPROXY
>>>>> Iptables 1.4.4 with support for TPROXY
>>>>> Debian Lenny / Kernel 2.6.28 with support for TPROXY
>>>>>
>>>>> well.
>>>>> The proxy works as well, and when I made some test pages whatismyip,
>>>>> shows that the ip is the CLIENT.
>>>>> However. I can not get my clients with public IP address
>>>>> simultaneously downloading from RapidShare / Megaupload ETC. The error
>>>>> shown within these pages is the typical already are downloading from
>>>>> that ip, so if viewing RapidShare IP SQUID in reality and not the
>>>>> client. How fix this?
>>>>>
>>>>> the configuration file of squid in the harbor is well
>>>>>
>>>>> http_port 81 tproxy
>>>>>
>>>>> Iptables:
>>>>>
>>>>> iptables -t mangle -N DIVERT
>>>>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>>>>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>>>>> iptables -t mangle -A DIVERT -j ACCEPT
>>>>> iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY
>>>>> --tproxy-mark 0x1/0x1 --on-port 81
>>>>
>>>> You have this rule ass-backwards.
>>>>
>>>> TPROXY is intended to intercept port 80 traffic, not port 3128 traffic.
>>>> When the client is NOT configured to use the proxy. The HTTP request
>>>> formats are noticeably different. It's trivially easy to detect those
>>>> differences and probably what rapidshare is doing.
>>>>
>>>> Please go back and use the http://wiki.squid-cache.org/Features/Tproxy4
>>>> documentation and configuration example.
>>>>
>>>>>
>>>>> ip rule add fwmark 1 lookup 100
>>>>> ip route add local 0.0.0.0/0 dev lo table 100
>>>>>
>>>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>>
>>>>>
>>>>> Mikrotik:
>>>>> Have a rule in the firewall to redirect all traffic to port 80 of the
>>>>> SQUID to the IP, port 3128
>>>>>
>>>>> All clients create sessions PPPOE in Router Mikrotik
>>>>>
>>>>> May help?
>>>>>
>>>>> Regards
>>>>
>>>> Amos
>>>>
>>
>
> --
> Carlos Botejara
> Systems Department
> cbotejara@xxxxxxxxx
> NEUQUEN - ARGENTINA
> C: 0299-154060127
> MSN:carlos.botejara@xxxxxxxxxxx
> http://www.linkedin.com/in/carlosbotejara
>
> This e-mail is intended solely for the person or entity named as the
> recipient and may contain confidential and/or privileged information.
> Copying, forwarding, or distributing this message by persons or
> entities other than the recipient is prohibited.
> If you have received this e-mail in error, please contact the
> sender immediately and delete the material from any computer.
> This e-mail may be monitored in compliance with this policy.

--
Carlos Botejara
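
The header format described in the thread (client address first, then each proxy) can be checked on a request captured at the origin side, before and after a configuration change. This is an added example, not part of the original thread; it assumes the header meant is `X-Forwarded-For`, and the function names, addresses and request text are constructed for illustration.

```python
import ipaddress

def parse_xff(value):
    """Split an X-Forwarded-For value into address objects, left to right.

    Tokens that are not addresses (for example "unknown") become None so
    that positions in the chain are preserved.
    """
    hops = []
    for token in value.split(","):
        token = token.strip().strip('"')
        if token.startswith("["):        # "[v6]:port" form
            token = token[1:].split("]", 1)[0]
        elif token.count(":") == 1:      # "v4:port" form
            token = token.split(":", 1)[0]
        try:
            hops.append(ipaddress.ip_address(token))
        except ValueError:
            hops.append(None)
    return hops

def check_request(raw_request, proxy_ips):
    """Return (claimed_client, disclosed_proxies) for one raw HTTP request."""
    proxies = {ipaddress.ip_address(p) for p in proxy_ips}
    hops = []
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "x-forwarded-for":
            hops.extend(parse_xff(value))        # repeated headers are one chain
    client = hops[0] if hops else None           # leftmost entry is only a claim
    disclosed = [h for h in hops if h in proxies]
    return client, disclosed

# Constructed sample data (documentation address ranges, not from the thread).
PROXIES = ["198.51.100.5"]
BEFORE = ("GET / HTTP/1.1\r\nHost: example.test\r\n"
          "X-Forwarded-For: 203.0.113.10, 198.51.100.5\r\n\r\n")
AFTER = ("GET / HTTP/1.1\r\nHost: example.test\r\n"
         "X-Forwarded-For: 203.0.113.10\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("before", BEFORE), ("after", AFTER)):
        client, disclosed = check_request(req, PROXIES)
        print(label, "client:", client, "proxy addresses in header:", disclosed)
```

The leftmost entry is supplied by whoever sent the request, so an origin server should treat it as a claim rather than a verified client address.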