Hello, I am having some trouble redirecting port 80 traffic to 3129 using tproxy for transparent proxying. The SYNs come in but there is no SYN-ACK going out. Please help me!!!!! My server has only a single interface with global IP addresses, which connects directly to the internet. Detailed information from my server: ####################################################################### ############### Squid Cache: Version 3.1.0.13 configure options: '--enable-linux-netfilter' '--prefix=/squid/' --with-squid=/src/squid-3.1.0.13 --enable-ltdl-convenience [root@proxymain sysconfig]# cat /squid/etc/squid.conf acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl test src 85.132.47.0/24 acl test2 src 85.132.32.0/24 acl test3 src 62.212.227.0/24 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 3129 acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localnet http_access allow localhost http_access allow test http_access allow test2 http_access allow test3 http_access deny all http_port 3128 http_port 3129 tproxy hierarchy_stoplist cgi-bin ? coredump_dir /squid/var/cache refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 
0 20% 4320 cache_effective_user squid cache_effective_group squid visible_hostname proxymain cache_dir ufs /cache 6000 16 256 ###################################################################### [root@proxymain sysconfig]# iptables -V (DOWNLOADED FROM NETFILTER.ORG - NOT PATCHED) iptables v1.4.3 ####################################################################### [root@proxymain sysconfig]# uname -a (DOWNLOADED FROM KERNEL.ORG - WITHOUT ANY PATCHES FROM BALABIT) Linux 2.6.30.5-second #1 SMP Sun Aug 30 22:45:27 AZST 2009 x86_64 x86_64 x86_64 GNU/Linux ####################################################################### Chain PREROUTING (policy ACCEPT) target prot opt source destination DIVERT tcp -- anywhere anywhere socket TPROXY tcp -- anywhere anywhere tcp dpt:80 TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1 Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain DIVERT (1 references) target prot opt source destination MARK all -- anywhere anywhere MARK xset 0x1/0xffffffff ACCEPT all -- anywhere anywhere ####################################################################### [root@proxymain sysconfig]# ip rule ls 0: from all lookup 255 32765: from all fwmark 0x1 lookup 100 32766: from all lookup main 32767: from all lookup default ##################################################################### [root@proxymain sysconfig]# ip route ls table 100 local default dev lo scope host ##################################################################### [root@proxymain sysconfig]# lsmod | egrep "xt|nf" nf_nat 18924 1 iptable_nat nf_conntrack_ipv4 14448 3 iptable_nat,nf_nat xt_TPROXY 2616 1 xt_tcpudp 3544 1 xt_MARK 3064 1 xt_socket 2904 1 nf_tproxy_core 3160 2 xt_TPROXY,xt_socket,[permanent] nf_conntrack 68208 4 iptable_nat,nf_nat,nf_conntrack_ipv4,xt_socket 
nf_defrag_ipv4 2456 3 nf_conntrack_ipv4,xt_TPROXY,xt_socket x_tables 22624 6 iptable_nat,ip_tables,xt_TPROXY,xt_tcpudp,xt_MARK,xt_socket i2c_nforce2 7768 0 i2c_core 25568 1 i2c_nforce2 ext3 123528 2 jbd 46848 1 ext3 ###################################################################### [root@proxymain sysconfig]# tcpdump -nn -i eth0 port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 00:12:02.402611 IP 85.132.32.40.1532 > 85.132.32.34.80: S 3187993921:3187993921(0) win 65535 <mss 1460,nop,nop,sackOK> 00:12:02.403087 IP 85.132.32.34.80 > 85.132.32.40.1532: S 3741385741:3741385741(0) ack 3187993922 win 5840 <mss 1460,nop,nop,sackOK> 00:12:02.402697 IP 85.132.32.40.1532 > 85.132.32.34.80: . ack 1 win 65535 00:12:02.407937 IP 85.132.32.40.1532 > 85.132.32.34.80: P 1:413(412) ack 1 win 65535 00:12:02.407971 IP 85.132.32.34.80 > 85.132.32.40.1532: . ack 413 win 6432 00:12:02.408389 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4169685 0,nop,wscale 7> 00:12:05.407861 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4172685 0,nop,wscale 7> 00:12:11.407465 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4178685 0,nop,wscale 7> 00:12:23.406682 IP 85.132.32.40.42747 > 194.87.0.50.80: S 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4190685 0,nop,wscale 7> ####################################################################### ## 2009/08/30 23:31:56| Starting Squid Cache version 3.1.0.13 for x86_64-unknown-linux-gnu... 2009/08/30 23:31:56| Process ID 12787 2009/08/30 23:31:56| With 1024 file descriptors available 2009/08/30 23:31:56| Initializing IP Cache... 
2009/08/30 23:31:56| DNS Socket created at 0.0.0.0, FD 7 2009/08/30 23:31:56| Adding domain caspel.com from /etc/resolv.conf 2009/08/30 23:31:56| Adding nameserver 85.132.32.41 from /etc/resolv.conf 2009/08/30 23:31:56| Adding nameserver 85.132.32.42 from /etc/resolv.conf 2009/08/30 23:31:56| Unlinkd pipe opened on FD 12 2009/08/30 23:31:56| Store logging disabled 2009/08/30 23:31:56| Swap maxSize 6144000 + 262144 KB, estimated 492780 objects 2009/08/30 23:31:56| Target number of buckets: 24639 2009/08/30 23:31:56| Using 32768 Store buckets 2009/08/30 23:31:56| Max Mem size: 262144 KB 2009/08/30 23:31:56| Max Swap size: 6144000 KB 2009/08/30 23:31:56| Version 1 of swap file without LFS support detected... 2009/08/30 23:31:56| Rebuilding storage in /cache (CLEAN) 2009/08/30 23:31:56| Using Least Load store dir selection 2009/08/30 23:31:56| Set Current Directory to /squid/var/cache 2009/08/30 23:31:56| Loaded Icons. 2009/08/30 23:31:56| Accepting HTTP connections at 0.0.0.0:3128, FD 15. 2009/08/30 23:31:56| Accepting spoofing HTTP connections at 0.0.0.0:3129, FD 16. 2009/08/30 23:31:56| HTCP Disabled. 2009/08/30 23:31:56| Squid modules loaded: 0 2009/08/30 23:31:56| Ready to serve requests. 2009/08/30 23:31:56| Done reading /cache swaplog (0 entries) 2009/08/30 23:31:56| Finished rebuilding storage from disk. 2009/08/30 23:31:56| 0 Entries scanned 2009/08/30 23:31:56| 0 Invalid entries. 2009/08/30 23:31:56| 0 With invalid flags. 2009/08/30 23:31:56| 0 Objects loaded. 2009/08/30 23:31:56| 0 Objects expired. 2009/08/30 23:31:56| 0 Objects cancelled. 2009/08/30 23:31:56| 0 Duplicate URLs purged. 2009/08/30 23:31:56| 0 Swapfile clashes avoided. 2009/08/30 23:31:56| Took 0.01 seconds ( 0.00 objects/sec). 
2009/08/30 23:31:56| Beginning Validation Procedure 2009/08/30 23:31:56| Completed Validation Procedure 2009/08/30 23:31:56| Validated 25 Entries 2009/08/30 23:31:56| store_swap_size = 0 2009/08/30 23:31:57| storeLateRelease: released 0 objects [root@proxymain sysconfig]# 1251655621.226 155982 85.132.32.40 TCP_MISS/503 4143 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/www.squid-cache.org text/html 1251655621.226 107693 85.132.47.219 TCP_MISS/503 4151 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/www.squid-cache.org text/html 1251655621.230 0 85.132.32.40 TCP_MISS/503 4143 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/www.squid-cache.org text/html 1251655646.107 6457 85.132.47.219 TCP_MISS/000 0 GET http://www.google.az/ - DIRECT/www.google.az - 1251655658.226 60014 85.132.47.219 TCP_MISS/504 4510 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/safebrowsing.clients.google.com text/html 1251656346.912 21227 85.132.32.40 TCP_MISS/000 0 GET http://194.87.0.50/ - DIRECT/194.87.0.50 - 1251656526.724 179798 85.132.32.40 TCP_MISS/504 3977 GET http://www.ru/ - DIRECT/194.87.0.50 text/html 1251656586.724 59968 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html 1251656867.544 88637 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru - 1251657043.812 176266 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru - 1251657101.539 60109 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html 1251657207.136 64675 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru - 1251657387.522 180384 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html 1251657567.525 179983 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html 1251657569.936 9407 85.132.47.219 TCP_MISS/000 0 GET http://85.132.32.34/ - DIRECT/85.132.32.34 - 1251657725.527 180669 
85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html 1251657905.534 179988 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html 1251658194.669 112560 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru - 1251658283.066 88394 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru - 1251658463.543 180476 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html 1251658643.547 179986 85.132.32.40 TCP_MISS/504 4069 GET http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html 1251659072.554 60493 85.132.32.40 TCP_MISS/504 4473 POST http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.87.100 text/html 1251659703.563 181155 85.132.32.40 TCP_MISS/504 4018 GET http://www.ru/ - DIRECT/194.87.0.50 text/html -- Best regards, Farhad mailto:inara.ibragimova@xxxxxxxxx