[squid-users] TPROXY Issues

From: Jamie Orzechowski <admin_at_ripnet.com>
Date: Tue, 24 Mar 2009 15:00:49 -0400

I am back trying to solve my tproxy issues.

Running Ubuntu server with Kernel 2.6.28-11-server, iptables v1.4.3.1,
squid 3.1.0.6

I am able to browse transparently but proxy test sites still detect the
cache.

http://www.whatismyip.com says the following

Your IP Address Is 66.78.98.25
Other IPs Detected: 66.78.102.2
Possible Proxy Detected: 1.1 cache-01.ripnet.com (squid/3.1.0.6)

Why is this site detecting my proxy??

----------------------------------------------------
Squid Cache: Version 3.1.0.6
configure options: '--prefix=/usr' '--includedir=/include'
'--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.'
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr'
'--enable-inline' '--enable-async-io=32'
'--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--with-filedescriptors=65536' '--with-default-user=proxy'
'--enable-linux-netfilter' --with-squid=/tmp/squid-3.1.0.6
--enable-ltdl-convenience

TPROXY Rules

/usr/local/sbin/iptables -t mangle -N DIVERT
/usr/local/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/usr/local/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/usr/local/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100

echo 1 > /proc/sys/net/ipv4/ip_forward

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
=-=-=-=-=-=-=-=-=-=-=-=-= 
Received on Tue Mar 24 2009 - 19:01:16 MDT
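
Added example, not part of the original message: the "Possible Proxy Detected" string quoted above has the form of an HTTP Via header value (protocol version, received-by host, comment). The sketch below parses a request head as an origin server receives it and lists the headers that disclose an intermediary. It assumes the test site reads request headers; the function names and the X-Forwarded-For address are constructed for illustration.

```python
import re

# Request headers a forwarding proxy may add; the origin server sees them.
PROXY_HEADERS = ("via", "x-forwarded-for", "forwarded")
# One Via hop: [protocol-name/]version received-by [(comment)]
VIA_HOP = re.compile(
    r"^(?:[^/\s]+/)?(?P<version>\S+)\s+(?P<by>[^\s(]+)(?:\s+\((?P<comment>[^)]*)\))?$")

def parse_headers(raw_request):
    """Return {lowercased-name: [values]} from a raw HTTP request head."""
    headers = {}
    for line in raw_request.splitlines()[1:]:   # skip the request line
        if not line.strip():
            break                               # blank line ends the head
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parse_via(value):
    """Split a Via value into hops, ignoring commas inside (comments)."""
    hops = []
    for part in re.split(r",(?![^(]*\))", value):
        m = VIA_HOP.match(part.strip())
        if m:
            hops.append(m.groupdict())
    return hops

def proxy_indicators(raw_request):
    """List (header, value, detail) items that reveal an intermediary."""
    found = []
    headers = parse_headers(raw_request)
    for name in PROXY_HEADERS:
        for value in headers.get(name, []):
            if name == "via":
                found += [("via", h["by"], h["comment"]) for h in parse_via(value)]
            else:
                found.append((name, value, None))
    return found

# Constructed sample: Via value as quoted in the post, placeholder client address.
SAMPLE = (
    "GET / HTTP/1.1\r\n"
    "Host: www.whatismyip.com\r\n"
    "Via: 1.1 cache-01.ripnet.com (squid/3.1.0.6)\r\n"
    "X-Forwarded-For: 192.0.2.10\r\n\r\n"
)

if __name__ == "__main__":
    print(proxy_indicators(SAMPLE))
```

In Squid, the `via` and `forwarded_for` directives in squid.conf control whether these two headers are added to forwarded requests.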
