Weird IPCHAINS and SQUID problem

From: Ounsted, Toby <ounstedt@dont-contact.us>
Date: Thu, 20 Apr 2000 14:56:17 +0100

This one's starting to give me a headache.. - using ipchains for transparent
proxying, the address section gets ripped out of URLs..

I'm trying to get Squid to be a transparent proxy by setting my linux box as
the default gateway and forwarding from port 80 to port 3128 as per the
Transparent Proxy howto. I've previously been using squid quite happily,
going directly to port 3128 - it works a treat.
I've set IPV4 forwarding and defragmentation, and set ipchains rules as follows:
(the server's called 'internet')..

[root@internet sysconfig]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source      destination            ports
ACCEPT     tcp  ------  anywhere    internet               any -> www
ACCEPT     tcp  ------  anywhere    internet.psgint.com    any -> www
REDIRECT   tcp  ------  anywhere    anywhere               any -> www => 3128
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):

If I turn off the proxy settings in the browser (i.e. try to go direct) the
address of the site I'm trying to hit seems to get mashed. For example, I
try and go to http://www.wideopen.com/story/757.html
Squid responds with:

ERROR
The requested URL could not be retrieved
While trying to retrieve the URL: /story/757.html
The following error was encountered:
Invalid URL
Etc.

So it's as though the first part of the URL got murdered.

The squid access log looks similar:
956237322.768 0 194.70.6.99 NONE/400 1075 GET /story/757.html - NONE/- -

Software: MSIE5 browser, RH6.1, Squid2.2Stable4 supplied with RH6.1. Stock
kernel which already has Ipchains support built in.

Something's getting somewhere for squid to even be having a go - but the
address isn't.
TCPDump is also interesting (pooter is the client) as something is
chattering to 206.132.41.223.www (which is wideopen.com for the purposes of
this test) - despite squid's announcement that it had all gone wrong:

[root@internet sysconfig]# !tcp
tcpdump 'port 80'
Kernel filter, protocol ALL, datagram packet socket
tcpdump: listening on all devices
14:48:45.778563 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: S 2900626:2900626(0) win 8192 <mss 1460> (DF)
14:48:45.778637 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: S 2802009305:2802009305(0) ack 2900627 win 30660 <mss 1460> (DF)
14:48:45.778774 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: . 1:1(0) ack 1 win 8760 (DF)
14:48:45.779095 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: P 1:294(293) ack 1 win 8760 (DF)
14:48:45.779129 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: . 1:1(0) ack 294 win 30660 (DF)
14:48:45.780024 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: P 1:1076(1075) ack 294 win 32120 (DF)
14:48:45.780230 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: F 1076:1076(0) ack 294 win 32120 (DF)
14:48:45.781174 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: F 294:294(0) ack 1076 win 7685 (DF)
14:48:45.781237 eth0 > 206.132.41.223.www > pooter.psgint.com.2608: . 1077:1077(0) ack 295 win 32119 (DF)
14:48:45.781230 eth0 < pooter.psgint.com.2608 > 206.132.41.223.www: . 295:295(0) ack 1077 win 7685 (DF)

So - suggestions welcome! It's got me..

Thanks,

Toby.
Received on Thu Apr 20 2000 - 07:59:53 MDT
