On 05.03.2012 06:40, pplive wrote:
Dear Amos,
Thanks a lot! By looking at your URL, I have entered the following
commands in my squid3 machine (my HTTP service is at PORT 8080), the
squid3 proxy machine is at 10.0.3.1, HTTP server (noder) is at
10.0.2.1, HTTP client (nodes) is at 10.0.1.1:
yeung@nodec1:~$ sudo iptables -t nat -A PREROUTING -s 10.0.3.1 -p tcp --dport 8080 -j ACCEPT
yeung@nodec1:~$ sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 10.0.3.1:3128
yeung@nodec1:~$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
yeung@nodec1:~$ sudo iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j DROP
<snip>
However, the proxy still has some problem, when we start wget from the
HTTP client
yeung@nodes:~$ wget 10.0.2.1:8080
--2012-03-04 09:31:39-- http://10.0.2.1:8080/
Connecting to 10.0.2.1:8080... ^C
So far good (modulo the testing with port-8080 factor).
yeung@nodes:~$
We look at the TCPDUMP result at squid3 machine (10.0.3.1), we see the
following message:
09:31:39.384558 IP nodes-links.51902 > noder-linkr.http-alt: Flags [S], seq 2501418596, win 5840, options [mss 1460,sackOK,TS val 38022185 ecr 0,nop,wscale 6], length 0
09:31:42.379034 IP nodes-links.51902 > noder-linkr.http-alt: Flags [S], seq 2501418596, win 5840, options [mss 1460,sackOK,TS val 38022935 ecr 0,nop,wscale 6], length 0
It seems that there were some HTTP-alt traffic coming in from the
switch, but no HTTP traffic going out of the squid3 machine.
Is this a dump of all packets involving port 8080? or did you add an IP
address or interface direction to hide some packets?
Does Squid already have a cached copy of the URL object being used as a
test?
Amos
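
An added example, not part of the original thread: a small parser for tcpdump text output that flags SYNs which were retransmitted and never answered with a SYN-ACK, which is the pattern in the two capture lines quoted above. The function name and the HEALTHY sample are constructed for illustration; the SAMPLE lines are the ones from the message.

```python
import re
from collections import defaultdict

# The two capture lines quoted in the thread, one packet per line.
SAMPLE = """\
09:31:39.384558 IP nodes-links.51902 > noder-linkr.http-alt: Flags [S], seq 2501418596, win 5840, options [mss 1460,sackOK,TS val 38022185 ecr 0,nop,wscale 6], length 0
09:31:42.379034 IP nodes-links.51902 > noder-linkr.http-alt: Flags [S], seq 2501418596, win 5840, options [mss 1460,sackOK,TS val 38022935 ecr 0,nop,wscale 6], length 0
"""

# Constructed sample (hypothetical hosts): a SYN that does get a SYN-ACK.
HEALTHY = """\
10:00:00.000000 IP client.40000 > server.http-alt: Flags [S], seq 100, win 5840, length 0
10:00:00.000500 IP server.http-alt > client.40000: Flags [S.], seq 900, ack 101, win 5792, length 0
"""

# timestamp, source host.port, destination host.port, TCP flags, sequence number
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): Flags \[([^\]]+)\], seq (\d+)")


def unanswered_syns(text):
    """Return {(src, dst, seq): times_seen} for SYNs with no SYN-ACK in the capture."""
    syns = defaultdict(int)
    answered = set()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected format
        _ts, src, dst, flags, seq = m.groups()
        if flags == "S":
            # Same (src, dst, seq) seen again means the client retransmitted.
            syns[(src, dst, int(seq))] += 1
        elif flags == "S.":
            # SYN-ACK travels server -> client; record it in the SYN's direction.
            answered.add((dst, src))
    return {k: n for k, n in syns.items() if (k[0], k[1]) not in answered}


if __name__ == "__main__":
    for (src, dst, seq), n in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst} seq {seq}: {n} SYN(s), no SYN-ACK captured")
```

A result like this only describes what the capture filter let through, so it should be read together with the filter expression and interface used for the dump.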