Dear Amos, Thank you for your suggestion! The browser on the client is Chrome. Interestingly, when I try to open any link in Chrome, it tries 3 times. But, when we try from an "Incognito Mode" window, it makes only one request. Morever, there are "two" routers: one for Host -> Rtr1 -> Squid another for Squid -> Rtr2 -> Internet This was done as per your advice so that we can detect loops in the router with rules. Please check this pastebin (all data from Rtr1): http://pastebin.com/fdZpHvjn * The first line is just the logging rule that we use, which is the same (for logic) as the routing-mark rule. * The number of packets that are logged by the router between Incognito vs Non-Incognito mode of Chrome, are different. 5 (five) for Incognito Mode, and 13 (thirteen) for Non-Incognito mode. * There are 3 (three) different source ports on client IP for Non-Incognito Mode, but only 1 (one) for Incognito Mode. * All the MAC addresses are the same. Also, the router only has "policy - routing" rules which are not touched between Squid TProxy, Squid Intercept, and the "tproxy-example" software as mentioned in an earlier email. Thank you once again for looking into this Amos! Regards HASSAN On Sun, Jul 6, 2014 at 4:09 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 2014-07-06 20:18, Nyamul Hassan wrote: >> >> Thanks for the video, Eliezer! The Mikrotik configuration part was >> quite interesting! >> >> New Basic Data: >> http://pastebin.com/ULT2d4Ej >> >> Debug (All,1 89,9 17,3) >> http://pastebin.com/0Ycgtea2 >> >> Just one request from the client browser was made. The destination is >> also a server under our control. http://130.94.72.133. It is just a >> simple HTML file with the words "It works!" > > > > Hmm. Three TCP connections arrived at Squid. > > 2014/07/06 14:13:23.147 ... BEGIN: me/client= 130.94.72.133:80, > destination/me= 116.193.170.10:4246 > 2014/07/06 14:13:23.149 ... BEGIN: me/client= 130.94.72.133:80, > destination/me= 116.193.170.10:4247 > 2014/07/06 14:13:23.890 ... BEGIN: me/client= 130.94.72.133:80, > destination/me= 116.193.170.10:4248 > > Assuming that the TPROXY was configured at the time these lines were logged > it appears you have a forwarding loop, probably in the router. > > One of the key things with TPROXY is that IP address based rules in the > router do not work. Outgoing packets from Squid appear to be coming from the > client, so only rules checking the interface or MAC address work properly > work on separate routers like the Mikrotik. > > Amos
