Re: [squid-users] Problem with Squid + Tproxy and Rapdishare

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 11 Aug 2009 11:50:42 +1200

On Mon, 10 Aug 2009 20:30:05 -0300, Carlos Botejara <cbotejara_at_gmail.com>
wrote:
> OK.
>
> Ok. I did what you told me, modified the rule, but nothing happened...
> everything remains the same.
> Rule amended:
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129

Hm, okay. Then you need to find out exactly how the clients are connecting
to that site and why it's not working.

Amos

>
> 2009/8/9 Amos Jeffries <squid3_at_treenet.co.nz>:
>> On Sun, 9 Aug 2009 10:58:23 -0300, Carlos Botejara <cbotejara_at_gmail.com>
>> wrote:
>>> hi, this is my first post here.
>>> I have a problem, but first I describe the scenario
>>> I have clients with public IP
>>> Mikrotik router redirecting traffic to SQUID
>>> Squid 3.1 with support for TPROXY
>>> Iptables 1.4.4 with support for TPROXY
>>> Debian Lenny / Kernel 2.6.28 with support for TPROXY
>>>
>>> well.
>>> The proxy works well, and when I tested with some whatismyip pages, it
>>> shows that the IP is the CLIENT's.
>>> However, I cannot get my clients with public IP addresses
>>> simultaneously downloading from RapidShare / Megaupload etc. The error
>>> shown on these pages is the typical "already downloading from
>>> that IP", so RapidShare is in reality seeing the SQUID IP and not the
>>> client's. How do I fix this?
>>>
>>> the configuration file of squid in the harbor is well
>>>
>>> http_port 81 tproxy
>>>
>>> Iptables:
>>>
>>> iptables -t mangle -N DIVERT
>>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>>> iptables -t mangle -A DIVERT -j ACCEPT
>>> iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY
>>> --tproxy-mark 0x1/0x1 --on-port 81
>>
>> You have this rule ass-backwards.
>>
>> TPROXY is intended to intercept port 80 traffic, not port 3128 traffic,
>> when the client is NOT configured to use the proxy. The HTTP request
>> formats are noticeably different. It's trivially easy to detect those
>> differences, and that is probably what rapidshare is doing.
>>
>> Please go back and use the http://wiki.squid-cache.org/Features/Tproxy4
>> documentation and configuration example.
>>
>>>
>>> ip rule add fwmark 1 lookup 100
>>> ip route add local 0.0.0.0/0 dev lo table 100
>>>
>>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>>
>>>
>>> Mikrotik:
>>> I have a rule in the firewall to redirect all traffic to port 80 to the
>>> IP of the SQUID, port 3128
>>>
>>> All clients create PPPoE sessions on the Mikrotik router
>>>
>>> May help?
>>>
>>> Regards
>>
>> Amos
>>
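A consistency check for the kind of configuration quoted in this thread, added here as an example and not code from the thread or from the Squid project: it parses the `http_port ... tproxy` lines of squid.conf and the iptables commands, and reports a TPROXY rule that matches the proxy port (3128) instead of the intercepted service port (80), an `--on-port` that no tproxy listener in squid.conf serves, or a missing `-m socket -j DIVERT` rule ahead of it. The sample inputs below are constructed from the rules posted above.

```python
import re

# Constructed sample modelled on the thread: Squid listens on 81 with tproxy,
# but the iptables rule intercepts dport 3128 (the proxy port) instead of 80.
SQUID_CONF = "http_port 81 tproxy\n"
IPTABLES_RULES = """\
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 81
"""

def tproxy_ports(squid_conf):
    """Ports from 'http_port [addr:]PORT ... tproxy' lines in squid.conf."""
    pattern = r"^\s*http_port\s+(?:\S+:)?(\d+)\s+.*\btproxy\b"
    return {int(m.group(1)) for m in re.finditer(pattern, squid_conf, re.M)}

def check_tproxy_rules(iptables_rules, squid_conf, service_port=80):
    """Return a list of findings; an empty list means the rules are consistent."""
    findings = []
    listeners = tproxy_ports(squid_conf)
    socket_divert_seen = False          # must precede the TPROXY rule in PREROUTING
    for line in iptables_rules.splitlines():
        if "-m socket" in line and "-j DIVERT" in line:
            socket_divert_seen = True
        if "-j TPROXY" not in line:
            continue
        dport = re.search(r"--dport\s+(\d+)", line)
        on_port = re.search(r"--on-port\s+(\d+)", line)
        if dport is None:
            findings.append("TPROXY rule has no --dport; it would intercept every TCP port")
        elif int(dport.group(1)) != service_port:
            findings.append(f"TPROXY matches --dport {dport.group(1)}, "
                            f"expected the intercepted service port {service_port}")
        if on_port is None:
            findings.append("TPROXY rule has no --on-port")
        elif int(on_port.group(1)) not in listeners:
            findings.append(f"--on-port {on_port.group(1)} is not an 'http_port ... tproxy' "
                            f"listener in squid.conf (found {sorted(listeners)})")
        if not socket_divert_seen:
            findings.append("no '-m socket -j DIVERT' rule precedes the TPROXY rule; packets of "
                            "already-established proxied connections would not be routed to Squid")
    return findings

if __name__ == "__main__":
    for finding in check_tproxy_rules(IPTABLES_RULES, SQUID_CONF):
        print("FINDING:", finding)
```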
Received on Mon Aug 10 2009 - 23:50:46 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 12 2009 - 12:00:02 MDT