On 2014-07-06 20:18, Nyamul Hassan wrote:
> Thanks for the video, Eliezer! The Mikrotik configuration part was
> quite interesting!
>
> New Basic Data:
> http://pastebin.com/ULT2d4Ej
>
> Debug (All,1 89,9 17,3)
> http://pastebin.com/0Ycgtea2
>
> Just one request from the client browser was made. The destination is
> also a server under our control. http://130.94.72.133. It is just a
> simple HTML file with the words "It works!"

Hmm. Three TCP connections arrived at Squid.
2014/07/06 14:13:23.147 ... BEGIN: me/client= 130.94.72.133:80,
destination/me= 116.193.170.10:4246
2014/07/06 14:13:23.149 ... BEGIN: me/client= 130.94.72.133:80,
destination/me= 116.193.170.10:4247
2014/07/06 14:13:23.890 ... BEGIN: me/client= 130.94.72.133:80,
destination/me= 116.193.170.10:4248
Assuming that the TPROXY was configured at the time these lines were
logged, it appears you have a forwarding loop, probably in the router.
One of the key things with TPROXY is that IP address based rules in the
router do not work. Outgoing packets from Squid appear to be coming from
the client, so only rules checking the interface or MAC address work
properly on separate routers like the Mikrotik.
Amos
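
The check described in the reply above, as an added example that is not part of the original thread or of Squid: it groups the `BEGIN:` debug lines by address pair and flags bursts of arrivals, which is what a TPROXY forwarding loop would look like because Squid's outgoing packets carry the client's address. Assumptions: the address after `destination/me=` is the client side, the window and threshold are arbitrary, and parallel browser connections produce the same pattern, so a hit is only a candidate to check against the router rules.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the debug excerpt quoted in the thread ("..." is elided there too).
SAMPLE_LOG = """\
2014/07/06 14:13:23.147 ... BEGIN: me/client= 130.94.72.133:80, destination/me= 116.193.170.10:4246
2014/07/06 14:13:23.149 ... BEGIN: me/client= 130.94.72.133:80, destination/me= 116.193.170.10:4247
2014/07/06 14:13:23.890 ... BEGIN: me/client= 130.94.72.133:80, destination/me= 116.193.170.10:4248
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) .*?BEGIN: "
    r"me/client= (?P<local>[\d.]+):(?P<lport>\d+), "
    r"destination/me= (?P<remote>[\d.]+):(?P<rport>\d+)"
)

def parse(log_text):
    """Yield (timestamp, local 'ip:port', remote ip, remote port) per BEGIN line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S.%f")
            yield ts, f'{m["local"]}:{m["lport"]}', m["remote"], int(m["rport"])

def loop_candidates(log_text, window=timedelta(seconds=2), min_conns=3):
    """Map (remote ip, local addr) to the source ports of its largest burst
    of at least min_conns arrivals within `window` (heuristic, not proof)."""
    groups = defaultdict(list)
    for ts, local, remote_ip, rport in parse(log_text):
        groups[(remote_ip, local)].append((ts, rport))
    flagged = {}
    for key, events in groups.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the burst fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= min_conns and len(burst) > len(flagged.get(key, [])):
                flagged[key] = [port for _, port in burst]
    return flagged

if __name__ == "__main__":
    for (remote_ip, local), ports in loop_candidates(SAMPLE_LOG).items():
        print(f"{remote_ip} -> {local}: {len(ports)} arrivals, source ports {ports}")
```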