Re: ICMP tcp port 80 unreachable [tos 0xc0]

From: Henrique Pantarotto <scanner@dont-contact.us>
Date: Wed, 12 May 1999 17:41:17 -0300

Squid friends,

I've upgraded the Linux kernel to 2.2.8 using only the options provided
from the Squid FAQ.

And transparent proxying is done to LINUX with ipchains like this:

ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REDIRECT 3128

But if I issue:

tcpdump -n -i eth0 src or dst 200.231.199.10 and proto ICMP

I get lots of lines like this:

17:29:16.470567 200.231.199.10 > 200.231.199.94: icmp: 200.239.234.31 tcp
port 80 unreachable [tos 0xc0]
17:29:16.474561 200.231.199.10 > 200.246.104.30: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:16.479707 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.483313 200.231.199.10 > 200.231.199.193: icmp: 200.211.190.120 tcp
port 80 unreachable [tos 0xc0]
17:29:16.509855 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.557626 200.231.199.10 > 200.231.199.94: icmp: 200.244.143.130 tcp
port 80 unreachable [tos 0xc0]
17:29:16.652598 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.669340 200.231.199.10 > 200.231.199.94: icmp: 200.239.234.31 tcp
port 80 unreachable [tos 0xc0]
17:29:16.682216 200.231.199.10 > 200.231.199.193: icmp: 200.246.5.92 tcp
port 80 unreachable [tos 0xc0]
17:29:16.701558 200.231.199.10 > 200.231.184.154: icmp: 200.236.96.3 tcp
port 80 unreachable [tos 0xc0]
17:29:16.712711 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.872140 200.231.199.10 > 200.231.199.193: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:16.897651 200.231.199.10 > 200.246.104.30: icmp: 209.216.198.28 tcp
port 80 unreachable [tos 0xc0]
17:29:16.907305 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.978527 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:17.058339 200.231.199.10 > 200.246.104.14: icmp: 129.187.254.93 tcp
port 80 unreachable [tos 0xc0]
17:29:17.062938 200.231.199.10 > 200.231.199.193: icmp: 206.132.173.34 tcp
port 80 unreachable [tos 0xc0]
17:29:17.064520 200.231.199.10 > 200.246.104.14: icmp: 200.248.149.46 tcp
port 80 unreachable [tos 0xc2]
17:29:17.070217 200.231.199.10 > 200.246.104.14: icmp: 200.248.149.46 tcp
port 80 unreachable [tos 0xc2]
17:29:17.077343 200.231.199.10 > 200.246.104.14: icmp: 200.248.149.46 tcp
port 80 unreachable [tos 0xc2]
17:29:17.082280 200.231.199.10 > 200.246.104.30: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:17.084175 200.231.199.10 > 200.246.104.30: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:17.086047 200.231.199.10 > 200.246.104.30: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:17.114694 200.231.199.10 > 200.246.104.30: icmp: 209.216.198.28 tcp
port 80 unreachable [tos 0xc0]

Squid works, but when you are surfing, some web pages don't load intirely,
and stays there waiting forever... this is very strange.

200.231.199.10 is the Linux/Squid box. 200.246.104.0/24, 200.231.199.0/24
and 200.231.184.0/24 are my users.

Perhaps this forwarding thing doesn't work well with Kernel 2.2.x? Or
perhaps other kernel options must be compiled with it.

Can someone help? Should I bug the people from the linux-net mailing-list too?
;-)

Thanks!!!

Henrique Pantarotto
Coord. Técnico Operacional
CEPAnet Internet Provider
Web: http://www.cepa.com.br
Tel. suporte: +55 (011) 5506-8477
Sao Paulo - Brasil
Linux Friend
Received on Wed May 12 1999 - 14:34:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:16 MST