Re: [squid-users] tproxy problem

From: Kashif Ali Bukhari <kbukhari@dont-contact.us>
Date: Wed, 7 Jun 2006 15:00:49 +0000

tproxy patch will work with live IPs

On 6/7/06, Paweł Staszewski <pstaszewski@artcom.pl> wrote:
> Hello, I have:
> kernel 2.6.15.7 with cttproxy patch applied (cleanly)
> squid 2.6 with:
> <config>
> http_port 192.168.20.2:8080
>
> linux_tproxy on
> tproxy_port 8080
> </config>
>
>
> squid lan ip:
> 192.168.20.2
> squid wan ip:
> 192.168.0.10
>
> iptables:
> iptables -L -n -v -t tproxy
> Chain PREROUTING (policy ACCEPT 579 packets, 74985 bytes)
> pkts bytes target prot opt in out source
> destination
> 10 480 TPROXY tcp -- eth1.671 * 0.0.0.0/0
> 0.0.0.0/0 tcp dpt:80 TPROXY redirect 0.0.0.0:8080
>
> Chain OUTPUT (policy ACCEPT 1899 packets, 144K bytes)
> pkts bytes target prot opt in out source
> destination
>
>
>
> and if I set proxy in web browser to: 192.168.20.2 on port 80 I have
> http access:
> but
> tcpdump -i eth0 -n -p
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
> 13:46:18.251369 IP 212.77.100.128.80 > 192.168.0.10.53851: F
> 2968402288:2968402288(0) ack 1284802216 win 2742 <nop,nop,timestamp
> 3009682896 122552088>
> 13:46:18.251542 IP 192.168.0.10.53851 > 212.77.100.128.80: F 1:1(0) ack
> 1 win 7252 <nop,nop,timestamp 122554597 3009682896>
> 13:46:18.267612 IP 212.77.100.128.80 > 192.168.0.10.53851: . ack 2 win
> 2742 <nop,nop,timestamp 3009682912 122554597>
> 13:46:19.197962 IP 212.77.100.127.80 > 192.168.0.10.55233: F
> 3799766088:3799766088(0) ack 1288087522 win 8811
> 13:46:19.198033 IP 192.168.0.10.55233 > 212.77.100.127.80: F 1:1(0) ack
> 1 win 32767
> 13:46:19.214958 IP 212.77.100.127.80 > 192.168.0.10.55233: . ack 2 win 8811
>
> All outgoing connections from squid are with squid-wan-ip, not my test
> box IP, which is 172.16.0.2
>
>

-- 
Syed Kashif Ali Bukhari
+92-300-4295604
Network Engineer
Beaconhouse IT Services, Lahore Pakistan
Received on Wed Jun 07 2006 - 09:00:53 MDT
