
TPROXY 4


 



Hello,


I am having some trouble redirecting port 80 traffic to 3129 using
tproxy for transparent proxying.
The SYNs come in but there is no SYN-ACK going out. (Note that in the tcpdump below the client's handshake to port 80 does complete; the connection that never gets a SYN-ACK is the proxy's spoofed outbound one to the origin server, whose SYN is retransmitted with the client's source address 85.132.32.40.)

Please help me !!!!!

My server has only a single interface with a global IP address, which
connects directly to the internet. (Because TPROXY opens the upstream connection with the client's own address, the origin's replies are routed back to the client rather than to the proxy unless the proxy also sits in the return path, e.g. as the clients' gateway or a bridge — presumably not the case here, since the proxy and the client appear to share the 85.132.32.0/24 subnet.)



Detailed information from my server

#######################################################################
###############
 Squid Cache: Version 3.1.0.13
configure options:  '--enable-linux-netfilter' '--prefix=/squid/' --with-squid=/src/squid-3.1.0.13 --enable-ltdl-convenience
[root@proxymain sysconfig]# cat /squid/etc/squid.conf
# Squid 3.1 configuration for a transparent (TPROXY) proxy on a host with one
# public interface. The access rules are the stock Squid template plus three
# public /24 client ranges; the tproxy listener is on 3129, a plain forward
# proxy on 3128.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# NOTE(review): to_localhost is defined but never referenced by an http_access
# line below. The stock template has "http_access deny to_localhost" so that
# clients cannot use the proxy to reach services bound to this host's loopback.
acl to_localhost dst 127.0.0.0/8
# Client networks allowed to use the proxy. These are public address ranges, so
# any host in them may use the forward-proxy port 3128 as well as the
# intercepted port.
acl test src 85.132.47.0/24
acl test2 src 85.132.32.0/24
acl test3 src 62.212.227.0/24
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
# Destination ports clients may request through the proxy.
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
# Redundant: 3129 already falls inside the 1025-65535 range above. Safe_ports
# controls destination ports in client requests, not the ports Squid listens
# on, so this line is not needed for the tproxy listener.
acl Safe_ports port 3129
acl CONNECT method CONNECT
# Cache manager is reachable from the proxy host only.
http_access allow manager localhost
http_access deny manager
# Refuse unusual destination ports and CONNECT to anything but 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow test
http_access allow test2
http_access allow test3
# Everything else, including the rest of the Internet reaching port 3128, is
# denied.
http_access deny all
# Plain forward-proxy port, bound on all addresses (cache.log: "Accepting HTTP
# connections at 0.0.0.0:3128"); only the src ACLs above keep it from being an
# open proxy.
http_port 3128
# Intercept port for the iptables TPROXY rule. Squid accepts the redirected
# connection and opens its upstream connection with the client's source
# address (cache.log calls this "spoofing"), so the origin's replies are
# addressed to the client and reach the proxy only if it is on the return path.
# NOTE(review): spoofing needs CAP_NET_ADMIN; cache.log shows the port opened,
# but confirm the capability survives the switch to cache_effective_user.
http_port 3129 tproxy 
hierarchy_stoplist cgi-bin ?
coredump_dir /squid/var/cache
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
# Privileges are dropped to this user/group after start-up.
cache_effective_user squid
cache_effective_group squid
visible_hostname proxymain
cache_dir ufs /cache 6000 16 256
######################################################################
[root@proxymain sysconfig]# iptables -V   (downloaded from netfilter.org, not patched)
iptables v1.4.3
#######################################################################
[root@proxymain sysconfig]# uname -a   (downloaded from kernel.org, without any patches from Balabit)
Linux  2.6.30.5-second #1 SMP Sun Aug 30 22:45:27 AZST 2009 x86_64 x86_64 x86_64 GNU/Linux
#######################################################################
Chain PREROUTING (policy ACCEPT)

target     prot opt source               destination         
DIVERT     tcp  --  anywhere             anywhere            socket 
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:80 TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain DIVERT (1 references)
target     prot opt source               destination         
MARK       all  --  anywhere             anywhere            MARK xset 0x1/0xffffffff 
ACCEPT     all  --  anywhere             anywhere
#######################################################################

[root@proxymain sysconfig]# ip rule ls
0:      from all lookup 255 
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main 
32767:  from all lookup default
#####################################################################
[root@proxymain sysconfig]# ip route ls table 100
local default dev lo  scope host
#####################################################################

[root@proxymain sysconfig]# lsmod | egrep "xt|nf"
nf_nat                 18924  1 iptable_nat
nf_conntrack_ipv4      14448  3 iptable_nat,nf_nat
xt_TPROXY               2616  1 
xt_tcpudp               3544  1 
xt_MARK                 3064  1 
xt_socket               2904  1 
nf_tproxy_core          3160  2 xt_TPROXY,xt_socket,[permanent]
nf_conntrack           68208  4 iptable_nat,nf_nat,nf_conntrack_ipv4,xt_socket
nf_defrag_ipv4          2456  3 nf_conntrack_ipv4,xt_TPROXY,xt_socket
x_tables               22624  6 iptable_nat,ip_tables,xt_TPROXY,xt_tcpudp,xt_MARK,xt_socket
i2c_nforce2             7768  0 
i2c_core               25568  1 i2c_nforce2
ext3                  123528  2 
jbd                    46848  1 ext3
 ######################################################################
[root@proxymain sysconfig]# tcpdump -nn -i eth0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:12:02.402611 IP 85.132.32.40.1532 > 85.132.32.34.80: S 3187993921:3187993921(0) win 65535 <mss 1460,nop,nop,sackOK>
00:12:02.403087 IP 85.132.32.34.80 > 85.132.32.40.1532: S 3741385741:3741385741(0) ack 3187993922 win 5840 <mss 1460,nop,nop,sackOK>
00:12:02.402697 IP 85.132.32.40.1532 > 85.132.32.34.80: . ack 1 win 65535
00:12:02.407937 IP 85.132.32.40.1532 > 85.132.32.34.80: P 1:413(412) ack 1 win 65535
00:12:02.407971 IP 85.132.32.34.80 > 85.132.32.40.1532: . ack 413 win 6432
00:12:02.408389 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4169685 0,nop,wscale 7>
00:12:05.407861 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4172685 0,nop,wscale 7>
00:12:11.407465 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4178685 0,nop,wscale 7>
00:12:23.406682 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4190685 0,nop,wscale 7>
#######################################################################
##
2009/08/30 23:31:56| Starting Squid Cache version 3.1.0.13 for x86_64-unknown-linux-gnu...
2009/08/30 23:31:56| Process ID 12787
2009/08/30 23:31:56| With 1024 file descriptors available
2009/08/30 23:31:56| Initializing IP Cache...
2009/08/30 23:31:56| DNS Socket created at 0.0.0.0, FD 7
2009/08/30 23:31:56| Adding domain caspel.com from /etc/resolv.conf
2009/08/30 23:31:56| Adding nameserver 85.132.32.41 from /etc/resolv.conf
2009/08/30 23:31:56| Adding nameserver 85.132.32.42 from /etc/resolv.conf
2009/08/30 23:31:56| Unlinkd pipe opened on FD 12
2009/08/30 23:31:56| Store logging disabled
2009/08/30 23:31:56| Swap maxSize 6144000 + 262144 KB, estimated 492780 objects
2009/08/30 23:31:56| Target number of buckets: 24639
2009/08/30 23:31:56| Using 32768 Store buckets
2009/08/30 23:31:56| Max Mem  size: 262144 KB
2009/08/30 23:31:56| Max Swap size: 6144000 KB
2009/08/30 23:31:56| Version 1 of swap file without LFS support detected... 
2009/08/30 23:31:56| Rebuilding storage in /cache (CLEAN)
2009/08/30 23:31:56| Using Least Load store dir selection
2009/08/30 23:31:56| Set Current Directory to /squid/var/cache
2009/08/30 23:31:56| Loaded Icons.
2009/08/30 23:31:56| Accepting  HTTP connections at 0.0.0.0:3128, FD 15.
2009/08/30 23:31:56| Accepting  spoofing HTTP connections at 0.0.0.0:3129, FD 16.
2009/08/30 23:31:56| HTCP Disabled.
2009/08/30 23:31:56| Squid modules loaded: 0
2009/08/30 23:31:56| Ready to serve requests.
2009/08/30 23:31:56| Done reading /cache swaplog (0 entries)
2009/08/30 23:31:56| Finished rebuilding storage from disk.
2009/08/30 23:31:56|         0 Entries scanned
2009/08/30 23:31:56|         0 Invalid entries.
2009/08/30 23:31:56|         0 With invalid flags.
2009/08/30 23:31:56|         0 Objects loaded.
2009/08/30 23:31:56|         0 Objects expired.
2009/08/30 23:31:56|         0 Objects cancelled.
2009/08/30 23:31:56|         0 Duplicate URLs purged.
2009/08/30 23:31:56|         0 Swapfile clashes avoided.
2009/08/30 23:31:56|   Took 0.01 seconds (  0.00 objects/sec).
2009/08/30 23:31:56| Beginning Validation Procedure
2009/08/30 23:31:56|   Completed Validation Procedure
2009/08/30 23:31:56|   Validated 25 Entries
2009/08/30 23:31:56|   store_swap_size = 0
2009/08/30 23:31:57| storeLateRelease: released 0 objects
[root@proxymain sysconfig]#

1251655621.226 155982 85.132.32.40 TCP_MISS/503 4143 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/www.squid-cache.org text/html
1251655621.226 107693 85.132.47.219 TCP_MISS/503 4151 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/www.squid-cache.org text/html
1251655621.230      0 85.132.32.40 TCP_MISS/503 4143 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/www.squid-cache.org text/html
1251655646.107   6457 85.132.47.219 TCP_MISS/000 0 GET http://www.google.az/ - DIRECT/www.google.az -
1251655658.226  60014 85.132.47.219 TCP_MISS/504 4510 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/safebrowsing.clients.google.com text/html
1251656346.912  21227 85.132.32.40 TCP_MISS/000 0 GET http://194.87.0.50/ - DIRECT/194.87.0.50 -
1251656526.724 179798 85.132.32.40 TCP_MISS/504 3977 GET http://www.ru/ - DIRECT/194.87.0.50 text/html
1251656586.724  59968 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
1251656867.544  88637 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
1251657043.812 176266 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
1251657101.539  60109 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html
1251657207.136  64675 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
1251657387.522 180384 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html
1251657567.525 179983 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
1251657569.936   9407 85.132.47.219 TCP_MISS/000 0 GET http://85.132.32.34/ - DIRECT/85.132.32.34 -
1251657725.527 180669 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html
1251657905.534 179988 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
1251658194.669 112560 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
1251658283.066  88394 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
1251658463.543 180476 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html
1251658643.547 179986 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
1251659072.554  60493 85.132.32.40 TCP_MISS/504 4473 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.87.100 text/html
1251659703.563 181155 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html
-- 

Best regards,
 Farhad                          mailto:inara.ibragimova@xxxxxxxxx


