On 14.09.19 23:57, sknz wrote:
eht1 is not useless really, Coovachilli created tun0 under eth1. Yes, I've heard about stateful firewall, though this is not my domain of expertise.
it's very hard to guess what's the problem and how should the solution look like, when someone does this to passing network traffic. Correct solutions may work, incorrect may not, when someone does modify traffic like this.
/CoovaChilli takes control of the internal interface (eth1) using a raw promiscuous socket. It then uses the vtun kernel module to bring up a virtual interface tun0 to pass and receive packets to and from the eth0(WAN). In fact, the vtun kernel module is used to move IP packets from the kernel to user mode, in such a way that CoovaChilli can function without any non-standard kernel modules. CoovaChilli then provides DHCP, ARP, and HTTP Hijacking on the "dhcpif" interface, in our case that's eth0/
I believe you should ask in coovachilli forums/lists for proper solutions. However, from packet capture it seems that requests are really getting to squid (they are being responded to), so squid logs shouls show. Or, it may be the coovachilli manipulating them. Try asking coovchilli. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Atheism is a non-prophet organization. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
