Re: [squid-users] HTTPS & transparent proxy

From: Daniel EPEE LEA <epeelea@dont-contact.us>
Date: Fri, 10 Mar 2006 16:54:01 -0800

Hello,

Thanks for your replies,

More details on my setup.

I have :

1- Loaded ip_gre module in the kernel ( I didn't use ip_wccp module)

2- My Iptables redirection entry
[root@svr ~]# iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 3128

3- My /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

4- I have enabled CEF on the outbound interface, and disabled
CEF routing on my router's local network interface (the one in the
same net as the transparent proxy)
-----------
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip wccp version 1
ip wccp web-cache
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip ips deny-action ips-interface
!
interface Ethernet0
 ip address default-GW 255.255.255.xx
 no ip route-cache cef
 full-duplex
!
interface FastEthernet0
 ip address external.6 255.255.255.yy
 ip wccp web-cache redirect out
 speed auto
 full-duplex
!
--------

I can see through tcpdump -i bond0 port 2048
that all the HTTP packets going outside my network are sent by the
router to the squid server, but they are not processed by squid.
access.log is empty.

It works for one second, and then stops.

[root@cache ~]# tcpdump -i bond0 port 2048
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 96 bytes
01:40:23.121220 IP cache.net.com.2048 > xxxx.33.2048: UDP, length 52
01:40:23.124210 IP xxxx.x.33.2048 > cache.net.com.2048: UDP, length 64
01:40:33.590158 IP cache.net.com.2048 > xxxx.33.2048: UDP, length 52
01:40:33.593084 IP xxxx.33.2048 > cache.net.com.2048: UDP, length 64
01:40:43.860186 IP cache.net.com.2048 > xxxx.33.2048: UDP, length 52
01:40:43.863289 IP xxxx.33.2048 > cache.net.com.2048: UDP, length 64
01:40:54.118201 IP cache.net.com.2048 > xxxx.33.2048: UDP, length 52
01:40:54.121165 IP xxxx.33.2048 > cache.net.com.2048: UDP, length 64
01:41:03.866463 IP cache.net.com.2048 > xxxx.33.2048: UDP, length 52
01:41:03.869469 IP xxxx.33.2048 > cache.net.com.2048: UDP, length 64

10 packets captured
10 packets received by filter
0 packets dropped by kernel
[root@svr ~]# tail -f /var/log/squid/access.log
1141763404.652 5 66.219.100.118 TCP_DENIED/403 1442 POST http://66.219.100.118:25/ - NONE/- text/html
1141763404.709 0 66.219.100.118 TCP_DENIED/403 1424 CONNECT mx2.gawab.com:25 - NONE/- text/html
1141765495.830 2 69.93.201.244 TCP_DENIED/403 1484 GET http://195.24.216.45/w00tw00t.at.ISC.SANS.DFind:) - NONE/- text/html
1141769992.613 3 66.219.100.118 TCP_DENIED/403 1442 POST http://66.219.100.118:25/ - NONE/- text/html
1141769992.617 0 66.219.100.118 TCP_DENIED/403 1424 CONNECT mx2.gawab.com:25 - NONE/- text/html
1141783970.867 0 219.136.247.96 TCP_DENIED/403 1471 GET http://www.freeydz.com/proxy/prx1.php - NONE/- text/html
1141807200.078 0 206.113.108.11 TCP_DENIED/403 1484 GET http://195.24.216.45/w00tw00t.at.ISC.SANS.DFind:) - NONE/- text/html
1141825165.692 3 71.96.106.12 TCP_DENIED/403 1433 GET http://195.24.216.45/ - NONE/- text/html
1141834653.550 4 70.169.135.125 TCP_DENIED/403 1433 GET http://195.24.216.45/ - NONE/- text/html
1141839566.108 665 220.163.82.38 TCP_DENIED/403 1433 GET http://195.24.216.45/ - NONE/- text/html
---------------------

Thanks for your much appreciated advice.

Regards

Dan

On 3/10/06, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> fre 2006-03-10 klockan 16:06 -0800 skrev Daniel EPEE LEA:
> > Hi Guys,
> >
> > I have configured a transparent proxy and I am having a hard time to
> > get it to work,
> > I run RHEL v4 + latest stable Squid 12 + cisco IOS 12.3.(14)T2
> >
> > when my browser is configured with port 80 or 3128, it works, but it
> > doesn't work in transparent mode. Please advise me.
>
>
> Don't break protocols, configure the browser to use the proxy.
>
>
> The Squid FAQ contains howtos on how to set up transparent interception
> in many different environments. Start by reading that. If you still have
> issues please return describing a little more in detail what issues you
> have, and what you have done.
>
> Regards
> Henrik
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.1 (GNU/Linux)
>
> iD8DBQBEEhfp516QwDnMM9sRAjmSAJ9MADgYBw17OxzWq9sR/JzrmEsFPwCfYLxU
> D9sXPqdfU0XIEM6Qg6v4p+w=
> =isXW
> -----END PGP SIGNATURE-----
>
>
>
Received on Fri Mar 10 2006 - 17:54:02 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST
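The capture in the post above is filtered on `port 2048`, which only shows the WCCPv1 control exchange: the 52-byte HERE_I_AM the cache sends every ten seconds or so and the 64-byte I_SEE_YOU the router answers with. The redirected HTTP packets themselves travel from the router to the cache wrapped in GRE (IP protocol 47) and never match that filter, so an empty access.log beside a healthy-looking port 2048 capture says nothing about whether redirected traffic is arriving or being decapsulated. The script below is an added example, not code from the thread or from Squid; it decodes both kinds of packet, using the WCCPv1 message layout from Squid's wccp.cc (whose 52- and 64-byte sizes match the datagrams in the capture) and Cisco's plain-GRE encapsulation with protocol type 0x0800. Every sample packet, address and port it feeds itself is constructed from RFC 5737 documentation ranges, not taken from the capture.

```python
"""Classify packets on a WCCPv1 cache's interface: control vs. redirected data.

Added example, not from the thread. Message layout follows Squid's WCCPv1
implementation (wccp.cc); all addresses below are constructed samples.
"""
import struct
import ipaddress

WCCP_PORT = 2048          # WCCPv1 control traffic, UDP, same port both ends
WCCP_HERE_I_AM = 7        # cache -> router, sent periodically
WCCP_I_SEE_YOU = 8        # router -> cache, lists the caches it knows
WCCP_VERSION = 4
HASH_SIZE = 32
IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE = 6, 17, 47
GRE_PROTO_IPV4 = 0x0800   # WCCPv1 redirect: plain GRE carrying IPv4


def parse_ipv4(pkt):
    """Return (proto, src, dst, payload) for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return pkt[9], src, dst, pkt[ihl:total_len]


def parse_wccp1(payload):
    """Decode a WCCPv1 control datagram (the UDP payload)."""
    msg_type, version = struct.unpack("!ii", payload[:8])
    if version != WCCP_VERSION:
        raise ValueError("unexpected WCCP version %d" % version)
    if msg_type == WCCP_HERE_I_AM:
        # type, version, hash revision, 32-byte hash, reserved, received_id = 52 bytes
        if len(payload) != 52:
            raise ValueError("HERE_I_AM must be 52 bytes, got %d" % len(payload))
        revision, _hash, _res, rid = struct.unpack("!i%dsii" % HASH_SIZE, payload[8:])
        return {"type": "HERE_I_AM", "revision": revision, "received_id": rid}
    if msg_type == WCCP_I_SEE_YOU:
        # 20-byte head + 44 bytes per cache entry: 64 bytes for a single cache
        change, rid, number = struct.unpack("!iii", payload[8:20])
        if len(payload) != 20 + 44 * number:
            raise ValueError("I_SEE_YOU length does not match cache count")
        caches = [str(ipaddress.IPv4Address(payload[o:o + 4]))
                  for o in range(20, len(payload), 44)]
        return {"type": "I_SEE_YOU", "change": change, "received_id": rid, "caches": caches}
    raise ValueError("unknown WCCP message type %d" % msg_type)


def classify(pkt):
    """Label one packet seen on the cache's interface."""
    proto, src, dst, payload = parse_ipv4(pkt)
    if proto == IPPROTO_UDP:
        sport, dport, ulen, _ = struct.unpack("!HHHH", payload[:8])
        if sport == WCCP_PORT and dport == WCCP_PORT:
            return "wccp-control", src, dst, parse_wccp1(payload[8:ulen])
        return "other", src, dst, None
    if proto == IPPROTO_GRE:
        flags, gre_proto = struct.unpack("!HH", payload[:4])
        # C, K and S bits each add a 4-byte optional field after the base header
        hdr = 4 + 4 * bool(flags & 0x8000) + 4 * bool(flags & 0x2000) + 4 * bool(flags & 0x1000)
        if gre_proto != GRE_PROTO_IPV4:
            return "other", src, dst, {"gre_proto": gre_proto}
        in_proto, in_src, in_dst, in_payload = parse_ipv4(payload[hdr:])
        info = {"inner_src": in_src, "inner_dst": in_dst, "inner_proto": in_proto}
        if in_proto == IPPROTO_TCP:
            info["sport"], info["dport"] = struct.unpack("!HH", in_payload[:4])
        return "gre-redirect", src, dst, info
    return "other", src, dst, None


def summarize(packets):
    """Count packets per class; 'gre-redirect' is the traffic Squid must receive."""
    counts = {"wccp-control": 0, "gre-redirect": 0, "other": 0}
    for pkt in packets:
        counts[classify(pkt)[0]] += 1
    return counts


# --- constructed sample packets (RFC 5737 documentation addresses) ---
def build_ipv4(proto, src, dst, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload  # checksum left zero: sample only, never sent on the wire


def build_udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_here_i_am(received_id):
    return struct.pack("!iii%dsii" % HASH_SIZE, WCCP_HERE_I_AM, WCCP_VERSION, 0,
                       bytes(HASH_SIZE), 0, received_id)


def build_i_see_you(change, received_id, cache_ips):
    head = struct.pack("!iiiii", WCCP_I_SEE_YOU, WCCP_VERSION, change, received_id, len(cache_ips))
    entries = b"".join(struct.pack("!4si%dsi" % HASH_SIZE, ipaddress.IPv4Address(ip).packed,
                                   0, bytes(HASH_SIZE), 0) for ip in cache_ips)
    return head + entries


CACHE, ROUTER, CLIENT, WEB = "192.0.2.10", "192.0.2.1", "192.0.2.50", "198.51.100.7"
CONTROL_HERE = build_here_i_am(0)              # 52 bytes, same size as in the capture
CONTROL_SEE = build_i_see_you(1, 1, [CACHE])   # 64 bytes, same size as in the capture
SAMPLE_PACKETS = [
    build_ipv4(IPPROTO_UDP, CACHE, ROUTER, build_udp(WCCP_PORT, WCCP_PORT, CONTROL_HERE)),
    build_ipv4(IPPROTO_UDP, ROUTER, CACHE, build_udp(WCCP_PORT, WCCP_PORT, CONTROL_SEE)),
    # a client's HTTP SYN, redirected by the router and wrapped in GRE towards the cache
    build_ipv4(IPPROTO_GRE, ROUTER, CACHE,
               struct.pack("!HH", 0, GRE_PROTO_IPV4)
               + build_ipv4(IPPROTO_TCP, CLIENT, WEB, struct.pack("!HH", 40000, 80) + bytes(16))),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(classify(pkt))
    print(summarize(SAMPLE_PACKETS))
```

On the real box the equivalent check is `tcpdump -ni bond0 'ip proto 47'`. If GRE packets from the router arrive but access.log stays empty, the kernel is not decapsulating them, and a REDIRECT rule in PREROUTING never gets to see an inner TCP/80 packet. The Squid FAQ recipe Henrik points to covers exactly that step for ip_gre: a GRE tunnel interface on the cache (`ip tunnel add wccp0 mode gre remote <router> local <cache> dev bond0`, brought up with the cache's own address on it), the REDIRECT rule restricted to `-i wccp0`, and reverse-path filtering switched off for that interface; check the per-interface value under /proc/sys/net/ipv4/conf/wccp0/rp_filter rather than relying on the `default` sysctl alone.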