
Re: Re: Three questions about Squid configuration


 



Hi Eliezer,

This would be the output of your script. This is not CentOS so some things have failed... and I just obscured the public IP related data. I tried adding the rule you proposed (as you may see in the output), but unfortunately it made no difference; I'm still having the redirect loop.

==================== terminal type:
xterm
==================== SHELL type:
/bin/bash
\033[00;32m==================== kernel and machine info:\033[0m
Linux vps81276 2.6.32-042stab092.2 #1 SMP Tue Jul 8 10:35:55 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux
./basic_data.sh: line 48: green_mesage: command not found
./basic_data.sh: line 49: sestatus: command not found
\033[00;32m==================== iptables rules:\033[0m
# Generated by iptables-save v1.4.21 on Thu Jul 17 07:35:34 2014
*nat
:PREROUTING ACCEPT [26:1878]
:POSTROUTING ACCEPT [37:2588]
:OUTPUT ACCEPT [35:2468]
-A OUTPUT -p tcp -m owner --uid-owner 13 -m tcp --dport 3128 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Jul 17 07:35:34 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 07:35:34 2014
*mangle
:PREROUTING ACCEPT [1063:131533]
:INPUT ACCEPT [1063:131533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [887:158471]
:POSTROUTING ACCEPT [887:158471]
COMMIT
# Completed on Thu Jul 17 07:35:34 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 07:35:34 2014
*filter
:INPUT ACCEPT [1063:131533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [887:158471]
COMMIT
# Completed on Thu Jul 17 07:35:34 2014
\033[00;32m==================== tproxy module loaded?:\033[0m
\033[00;32m==================== routes are:\033[0m
10.10.0.2 dev tun0  proto kernel  scope link  src 10.10.0.1
PUBLIC-IP-GATEWAY/24 dev venet0  proto kernel  scope link  src PUBLIC-IP
10.10.0.0/24 via 10.10.0.2 dev tun0
default dev venet0  scope link
\033[00;32m==================== registered route tables:\033[0m
255     local
254     main
253     default
0       unspec
\033[00;32m==================== tproxy route table:\033[0m
\033[00;32m==================== ip policy rules:\033[0m
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
\033[00;32m==================== links info:\033[0m
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT
    link/void
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 100
    link/none
\033[00;32m==================== ip addresses:\033[0m
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/void
    inet 127.0.0.2/32 scope host venet0
    inet PUBLIC-IP/24 brd PUBLIC-IP-BROADCAST scope global venet0:0
    inet6 2001:41d0:52:d00::265/56 scope global
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
    link/none
    inet 10.10.0.1 peer 10.10.0.2/32 scope global tun0
\033[00;32m==================== arp list:\033[0m
\033[00;32m==================== listening TCP sockets:\033[0m
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN     0 0 10.10.0.1:53 *:*      users:(("named",800,24))
LISTEN     0 0 PUBLIC-IP:53 *:*      users:(("named",800,23))
LISTEN     0 0 127.0.0.2:53 *:*      users:(("named",800,22))
LISTEN     0 0 127.0.0.1:53 *:*      users:(("named",800,21))
LISTEN     0 0 *:22 *:*      users:(("sshd",713,3))
LISTEN     0 0 *:3127 *:*      users:(("squid3",739,10))
LISTEN     0 0 *:3128 *:*      users:(("squid3",739,9))
LISTEN     0 0 *:25 *:*      users:(("smtpd",1678,6),("master",930,12))
LISTEN     0 0 127.0.0.1:953 *:*      users:(("named",800,25))
LISTEN     0 0 :::53 :::*      users:(("named",800,20))
LISTEN     0 0 :::22 :::*      users:(("sshd",713,4))
LISTEN     0 0 :::25 :::*      users:(("smtpd",1678,7),("master",930,13))
LISTEN     0 0 ::1:953 :::*      users:(("named",800,26))
\033[00;32m==================== ulimit soft:\033[0m
core file size          (blocks, -c) unlimited
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 256184
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 4096
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) unlimited
cpu time               (seconds, -t) unlimited
max user processes              (-u) 256184
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
\033[00;32m==================== ulimit hard:\033[0m
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 256184
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 10240
cpu time               (seconds, -t) unlimited
max user processes              (-u) 256184
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
\033[00;31m==================== could not find squid binary file\033[0m
\033[00;31m==================== squid.conf was not found in the default location\033[0m
\033[00;31m==================== could not find yum binary file\033[0m

Thanks!

On 16/07/2014 23:06, Eliezer Croitoru wrote:
Will be is one thing...
In any case, just run the script I gave you to get the basic information from the OS; it is good enough for IP addresses etc.

The rule I gave you should be on the OUTPUT as iptables claims.
I am not yet sure about the network structure and therefore not sure about the issue. Do not try to intercept port 8080 for google because it won't work and the response is good for that.

Eliezer

On 07/16/2014 08:50 PM, Nicolás wrote:
I just realized that part 5 minutes ago... Sorry for the nuisance! In my
case I need to use as a proxy a different machine because otherwise I'd
have to set one per client with the same rules, which seems not very
scalable. The final schema would be this:

Client 1 \
Client 2  \
Client 3   -> squid3 server -> internet
Client 4  /
Client 5 /

Also, the server running squid3 as transparent proxy would be under a
different public IP and router than the clients (a remote server...
requirement of my company), and all of them are using just one network
interface. What iptables rules would I need to achieve this scenario?

Thanks!





