Re: [squid-users] Squid and Mirrored Router Ports

From: Neil A. Hillard <neil.hillard@dont-contact.us>
Date: Tue, 17 Apr 2007 12:24:52 +0100

Hi,

Edward C. Jakosalem wrote:
> I have posted this same problem before but I want to post it again because
> I am pressured to make this work with Squid. I know that Squid's use is
> either an accelerator or proxy or both. But we want Squid to _only_
> capture web traffic and log them, that's all. As such, I have configured
> my server to act as transparent proxy.
>
> My server is running Fedora 5 with Squid 2.6 (just downloaded and
> installed the latest version today). I also have 2 ethernet cards on this
> server:
> eth0 - public IP
> eth2 - private IP and is directly connected to a router's _mirrored_
> port. I can confirm that there is traffic originating from this
> interface.
>
> My squid.conf contains the following line which makes it a transparent proxy:
> http_port 3128 transparent
>
> Also according to the docs, I added the following line to my iptables:
> -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
>
> With this setup, my server should be up and capturing data from eth2. But
> I still don't see any traffic being logged by Squid. I have configured my
> browser to use this proxy server to check if it works and it does.
>
> So what else do I need to do?

Personally, I don't think you'll ever get it to work. Even when squid
is set up as an intercepting proxy it still takes an active role at the
TCP/IP layer (effectively it pretends to be the destination server).

What you'll probably be seeing (with netstat?) is the fact that your
machine is seeing lots of SYNs but because it is on a mirrored port the
SYN-ACKs that are sent out in response are being dropped by the switch.
Even if they weren't they'd be confusing the hell out of the client!

You need an application that will passively monitor the data and then
log the contents. Squid isn't designed for that.

HTH,

                                Neil.

-- 
Neil Hillard                    neil.hillard@agustawestland.com
AgustaWestland                  http://www.whl.co.uk/
Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.
Received on Tue Apr 17 2007 - 05:25:06 MDT
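
Added example, not part of the original message: a sketch of the kind of passive logger the reply describes, which only reads frames from the mirror port and never answers them, so no SYN-ACK is ever sent. The function names, the sample addresses and the constructed test frame are assumptions; only `eth2` comes from the thread. It logs requests whose headers fit in one TCP segment and does no stream reassembly.

```python
import socket
import struct

def parse_http_request(frame):
    """Return (src, dst, method, host, path) for a port-80 HTTP request frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":    # Ethernet + IPv4 + TCP minimum
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or frag_offset:
        return None                                       # not IPv4/TCP, or a later fragment
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]                               # drops Ethernet padding
    if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != 80:
        return None
    data_offset = (tcp[12] >> 4) * 4
    if data_offset < 20:
        return None
    lines = tcp[data_offset:].partition(b"\r\n\r\n")[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None                                       # SYN, ACK or mid-stream data
    host = b"-"
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip()
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    return (src, dst) + tuple(x.decode("latin-1") for x in (parts[0], host, parts[1]))

def build_sample_frame():
    """Constructed sample: Ethernet + IPv4 + TCP + one GET request (checksums left zero)."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

if __name__ == "__main__":
    # Linux only, needs root. Mirrored frames carry other hosts' MAC addresses, so put
    # the interface in promiscuous mode first: ip link set eth2 promisc on
    sniffer = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(0x0003))
    sniffer.bind(("eth2", 0))                             # receive-only: nothing is sent
    while True:
        record = parse_http_request(sniffer.recv(65535))
        if record:
            print("%s -> %s %s http://%s%s" % record)
```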
