Re: [squid-users] Transparent Proxy weirdness

From: Jason Dixon <jason@dont-contact.us>
Date: 30 Apr 2003 07:58:55 -0400

On Wed, 2003-04-30 at 07:04, Henrik Nordstrom wrote:
> > > What does Squid say in access.log when trying to process these
> > > requests?
> >
> > 1051663662.008 239293 192.168.0.42 TCP_MISS/504 1375 GET http://www.slashdot.org:3128/ - NONE/- text/html
>
>
> Odd.. This can only happen if the user requested port 3128, or if
> "httpd_accel_port virtual" is used..

Unfortunately, that is not true. None of my clients are configured to
use proxy. Tcpdump shows that all client requests are for port 80. And
I'm not the only one exhibiting this problem.

Here are the concurrent results of tcpdump on the external and internal
interfaces of my firewall. You'll see that squid completes the TCP
handshake on the backend (dc1), then proceeds to connect to the remote
client (207.44.212.20) on port 3128. I've also included my squid.conf
file and the relevant redirection rule.

[backend - dc1 - 192.168.0.0/24]
-bash-2.05b# tcpdump -ni dc1 host 207.44.212.20 and not port 22 and not port 53
tcpdump: listening on dc1
07:51:32.599294 192.168.0.10.33195 > 207.44.212.20.80: S 3675173296:3675173296(0) win 5840 <mss 1460,sackOK,timestamp 49438214 0,nop,wscale 0> (DF)
07:51:32.599719 207.44.212.20.80 > 192.168.0.10.33195: S 1220368359:1220368359(0) ack 3675173297 win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 438111131 49438214> (DF)
07:51:32.601791 192.168.0.10.33195 > 207.44.212.20.80: . ack 1 win 5840 <nop,nop,timestamp 49438214 438111131> (DF)
07:51:32.818366 192.168.0.10.33195 > 207.44.212.20.80: P 1:839(838) ack 1 win 5840 <nop,nop,timestamp 49438236 438111131> (DF)
07:51:33.009103 207.44.212.20.80 > 192.168.0.10.33195: . ack 839 win 65535 <nop,nop,timestamp 438111132 49438236> (DF)
07:51:35.274282 207.44.212.20.80 > 192.168.0.10.33195: P 1:1366(1365) ack 839 win 65535 <nop,nop,timestamp 438111136 49438236> (DF)
07:51:35.278842 192.168.0.10.33195 > 207.44.212.20.80: . ack 1366 win 8190 <nop,nop,timestamp 49438482 438111136> (DF)
07:51:35.337065 207.44.212.20.80 > 192.168.0.10.33195: F 1366:1366(0) ack 839 win 65535 <nop,nop,timestamp 438111136 49438482> (DF)
07:51:35.374684 192.168.0.10.33195 > 207.44.212.20.80: . ack 1367 win 8190 <nop,nop,timestamp 49438492 438111136> (DF)
07:51:39.414930 192.168.0.10.33195 > 207.44.212.20.80: F 839:839(0) ack 1367 win 8190 <nop,nop,timestamp 49438896 438111136> (DF)
07:51:39.415157 207.44.212.20.80 > 192.168.0.10.33195: . ack 840 win 65535 <nop,nop,timestamp 438111144 49438896> (DF)
^C

[frontend - dc0 - 68.65.108.43]
-bash-2.05b# tcpdump -ni dc0 host 207.44.212.20 and not port 22 and not port 53
tcpdump: listening on dc0
07:51:32.820079 68.65.108.43.43228 > 207.44.212.20.3128: S 310195978:310195978(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 438111131 0> (DF)
07:51:32.898393 207.44.212.20.3128 > 68.65.108.43.43228: R 0:0(0) ack 310195979 win 0 (DF)
07:51:32.898964 68.65.108.43.8922 > 207.44.212.20.3128: S 213480510:213480510(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 438111131 0> (DF)
07:51:32.967213 207.44.212.20.3128 > 68.65.108.43.8922: R 0:0(0) ack 213480511 win 0 (DF)
...
<snipped series of SYN - RST connections>
...
07:51:35.143974 68.65.108.43.35390 > 207.44.212.20.3128: S 1791821371:1791821371(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 438111136 0> (DF)
07:51:35.206404 207.44.212.20.3128 > 68.65.108.43.35390: R 0:0(0) ack 1791821372 win 0 (DF)
07:51:35.206865 68.65.108.43.7816 > 207.44.212.20.3128: S 980315325:980315325(0) win 65535 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 438111136 0> (DF)
07:51:35.272056 207.44.212.20.3128 > 68.65.108.43.7816: R 0:0(0) ack 980315326 win 0 (DF)

[/etc/squid/squid.conf]
-bash-2.05b# cat /etc/squid/squid.conf
#http_port 127.0.0.1:80
http_port 127.0.0.1:3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl our_networks src 192.168.0.0/24
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80 # http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow our_networks
http_access deny to_localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny all
coredump_dir /var/squid/cache
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

[pfctl -vsn | grep www]
-bash-2.05b# pfctl -vsn | grep 127.0.0.1
rdr on dc1 inet proto tcp from any to any port = www -> 127.0.0.1 port 3128

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
Received on Wed Apr 30 2003 - 06:00:42 MDT
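A check for the symptom shown in this message, added here as example code and not part of the original thread or of Squid: it parses Squid's native access.log format and flags intercepted requests whose reconstructed URL carries a port other than the one the rdr rule intercepts (here the www.slashdot.org:3128 entry), and it pairs outbound SYNs to that port with the RSTs that answer them in the old-style tcpdump output quoted above. The access.log field layout, the tcpdump line format and the two extra "healthy" sample lines are my assumptions, constructed for the example; the other sample lines are the ones from the post, re-joined onto single lines.

```python
"""Spot intercepted port-80 requests that Squid rewrote to another port,
and count the SYN/RST pairs such a misrouted URL leaves on the outside
interface.  Example code for the squid-users thread, not Squid's own.

Assumptions (mine): Squid's native access.log layout
    time elapsed client code/status bytes method URL ident hier/peer type
and the 2003-era tcpdump line format "src.port > dst.port: FLAGS ...".
"""
import re
from urllib.parse import urlsplit

ACCESS_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<type>\S+)$"
)

TCPDUMP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)"
    r"\s+>\s+(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<flags>[SFRP.]+)\s"
)

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Constructed sample input: the line quoted in the post plus one normal hit.
ACCESS_LINES = [
    "1051663662.008 239293 192.168.0.42 TCP_MISS/504 1375 GET "
    "http://www.slashdot.org:3128/ - NONE/- text/html",
    "1051663700.123 120 192.168.0.42 TCP_HIT/200 5432 GET "
    "http://www.example.com/ - NONE/- text/html",  # constructed
]

# Constructed sample input: the first two SYN/RST pairs from the dc0 capture.
TCPDUMP_LINES = [
    "07:51:32.820079 68.65.108.43.43228 > 207.44.212.20.3128: S "
    "310195978:310195978(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)",
    "07:51:32.898393 207.44.212.20.3128 > 68.65.108.43.43228: R 0:0(0) "
    "ack 310195979 win 0 (DF)",
    "07:51:32.898964 68.65.108.43.8922 > 207.44.212.20.3128: S "
    "213480510:213480510(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)",
    "07:51:32.967213 207.44.212.20.3128 > 68.65.108.43.8922: R 0:0(0) "
    "ack 213480511 win 0 (DF)",
]


def parse_access_log(line):
    """Split one native-format access.log line into named fields, or None."""
    m = ACCESS_RE.match(line.strip())
    return m.groupdict() if m else None


def url_port(url):
    """Port the URL names explicitly, else the scheme default."""
    parts = urlsplit(url)
    if parts.port is not None:
        return parts.port
    return DEFAULT_PORTS.get(parts.scheme)


def wrong_port_requests(lines, expected_port=80):
    """(client, url, port) for each request whose reconstructed URL does not
    carry the port the rdr rule intercepts.  A non-empty result means Squid
    is rebuilding the URL with the wrong port, exactly the 504s seen above."""
    hits = []
    for line in lines:
        rec = parse_access_log(line)
        if rec is None:
            continue
        port = url_port(rec["url"])
        if port != expected_port:
            hits.append((rec["client"], rec["url"], port))
    return hits


def syn_rst_pairs(lines, dport):
    """Count outbound SYNs to dport that were answered by a RST from dport,
    matching on the (local addr, local port, remote addr) tuple."""
    pending = set()
    pairs = 0
    for line in lines:
        m = TCPDUMP_RE.match(line.strip())
        if not m:
            continue
        if m["flags"] == "S" and int(m["dport"]) == dport:
            pending.add((m["src"], m["sport"], m["dst"]))
        elif "R" in m["flags"] and int(m["sport"]) == dport:
            key = (m["dst"], m["dport"], m["src"])
            if key in pending:
                pending.discard(key)
                pairs += 1
    return pairs


if __name__ == "__main__":
    for client, url, port in wrong_port_requests(ACCESS_LINES):
        print(f"{client} requested {url}: URL port {port}, rdr intercepts 80")
    print(f"SYN/RST pairs to port 3128 on dc0: {syn_rst_pairs(TCPDUMP_LINES, 3128)}")
```

Run it over a real access.log and a `tcpdump -n` capture of the external interface; any hit from `wrong_port_requests` together with a non-zero `syn_rst_pairs` count for the proxy port is the same fingerprint as the capture above, and is worth checking before touching the rdr rule or the httpd_accel settings.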

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:38 MST