Re: [squid-users] wccpv2+squid3.1+tproxy4

From: <Haralds.Ulmanis_at_telcobalt.net>
Date: Mon, 21 Sep 2009 06:34:07 +0300

Got it working, but the IP is not spoofed (I opened a web site that shows my actual IP).

Here is my configuration.
linux (iptables v1.4.3.2, kernel Linux version 2.6.30-gentoo-r4):

modprobe ip_gre
# GRE tunnel to the WCCP router (<cisco wccp routerid> and xx.xx.xx.xx are placeholders)
ip tunnel add wccp2 mode gre remote <cisco wccp routerid> local xx.xx.xx.xx dev eth0
ip addr add 127.0.0.2 dev wccp2
ip link set wccp2 up
# DIVERT chain: packets that already belong to a local socket get mark 1 and stay on the TPROXY path
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# port 80 traffic arriving over the GRE tunnel is handed to Squid's tproxy port
iptables -t mangle -A PREROUTING -i wccp2 -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
# marked packets are looked up in table 100, which delivers everything locally
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
echo 1 > /proc/sys/net/ipv4/ip_forward
# rp_filter is set to 0

squid.conf:
(Squid Cache: Version 3.1.0.13
configure options: '--prefix=/usr' '--host=x86_64-pc-linux-gnu'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib'
'--sysconfdir=/etc/squid' '--libexecdir=/usr/libexec/squid'
'--localstatedir=/var' '--datadir=/usr/share/squid'
'--with-logdir=/var/log/squid' '--with-default-user=squid'
'--enable-auth=basic,digest,negotiate,ntlm'
'--enable-removal-policies=lru,heap'
'--enable-digest-auth-helpers=password'
'--enable-basic-auth-helpers=DB,PAM,LDAP,getpwnam,NCSA,MSNT'
'--enable-external-acl-helpers=ldap_group,ip_user,session,unix_group'
'--enable-ntlm-auth-helpers=fakeauth' '--enable-negotiate-auth-helpers='
'--enable-useragent-log' '--enable-cache-digests' '--enable-delay-pools'
'--enable-referer-log' '--enable-arp-acl' '--with-large-files'
'--with-filedescriptors=8192' '--disable-caps' '--disable-ipv6'
'--enable-snmp' '--enable-ssl' '--disable-icap-client' '--disable-zph-qos'
'--enable-storeio=ufs,diskd,aufs' '--enable-linux-netfilter'
'--enable-epoll' '--libdir=/usr/lib64' '--build=x86_64-pc-linux-gnu'
'build_alias=x86_64-pc-linux-gnu' 'host_alias=x86_64-pc-linux-gnu'
'CC=x86_64-pc-linux-gnu-gcc' 'CFLAGS=-O2 -march=athlon64 -pipe -msse -msse2
-mmmx -m3dnow -fexpensive-optimizations -mfpmath=sse,387
-fomit-frame-pointer -funroll-all-loops -funit-at-a-time -fpeel-loops
-ftracer -funswitch-loops -DNUMTHREADS=100' 'LDFLAGS=-Wl,-O1' 'CXXFLAGS=-O2
-march=athlon64 -pipe -msse -msse2 -mmmx -m3dnow -fexpensive-optimizations
-mfpmath=sse,387 -fomit-frame-pointer -funroll-all-loops -funit-at-a-time
-fpeel-loops -ftracer -funswitch-loops -DNUMTHREADS=100'
--with-squid=/var/tmp/portage/net-proxy/squid-3.1.0.13_beta-r1/work/squid-3.1.0.13
 --enable-ltdl-convenience
)
http_port 3129 tproxy
wccp2_router yyy.yyy.yyy.yyy
# (the Cisco WCCP router ID is different from the IP I receive WCCP2 messages from)
wccp_version 4
wccp2_rebuild_wait off
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_assignment_method hash
wccp2_service standard 0

cisco (12.2(33)SXH5):
ip wccp web-cache redirect-list 150
Interface G1/2
ip wccp web-cache redirect in

tcpdump sample on the Linux Squid box (86.54.telcobalt.lv is my client address):
wccp2:
06:03:53.996000 IP 86.54.telcobalt.lv.1583 > ew-in-f166.google.com.http: . ack 2786110127 win 65535
06:03:53.997666 IP 86.54.telcobalt.lv.1583 > ew-in-f166.google.com.http: P 0:967(967) ack 1 win 65535
06:03:54.004000 IP 86.54.telcobalt.lv.1555 > ew-in-f157.google.com.http: . ack 2523 win 65535
06:03:54.161273 IP 86.54.telcobalt.lv.1580 > ew-in-f166.google.com.http: P 2455:3452(997) ack 1433 win 64103
06:03:54.172000 IP 86.54.telcobalt.lv.1574 > ew-in-f157.google.com.http: . ack 5011 win 65119
06:03:54.200000 IP 86.54.telcobalt.lv.1581 > ew-in-f147.google.com.http: . ack 1122 win 64414
06:03:54.200000 IP 86.54.telcobalt.lv.1555 > ew-in-f157.google.com.http: . ack 2801 win 65257
06:03:54.332000 IP 86.54.telcobalt.lv.1583 > ew-in-f166.google.com.http: . ack 359 win 65177
06:03:54.451705 IP 86.54.telcobalt.lv.1580 > ew-in-f166.google.com.http: . ack 1791 win 65535

eth0:
06:03:53.997801 IP ew-in-f166.google.com.http > 86.54.telcobalt.lv.1583: . ack 968 win 7736
06:03:54.006927 IP ew-in-f157.google.com.http > 86.54.telcobalt.lv.1555: . 361:1821(1460) ack 1040 win 18702
06:03:54.007024 IP ew-in-f157.google.com.http > 86.54.telcobalt.lv.1555: P 1821:2522(701) ack 1040 win 18702
06:03:54.007610 IP ew-in-f157.google.com.http > 86.54.telcobalt.lv.1555: P 2522:2800(278) ack 1040 win 18702
06:03:54.011385 IP ew-in-f166.google.com.http > 86.54.telcobalt.lv.1580: P 1075:1433(358) ack 2456 win 10200
06:03:54.022012 IP ew-in-f147.google.com.http > 86.54.telcobalt.lv.1581: P 762:1122(360) ack 1398 win 8184
06:03:54.108234 IP ew-in-f166.google.com.http > 86.54.telcobalt.lv.1583: P 1:359(358) ack 968 win 7736
06:03:54.161347 IP ew-in-f166.google.com.http > 86.54.telcobalt.lv.1580: . ack 3453 win 12240
06:03:54.172000 IP ew-in-f157.google.com.http > 86.54.telcobalt.lv.1574: P 4594:5010(416) ack 1 win 9135
06:03:54.219880 IP ew-in-f166.google.com.http > 86.54.telcobalt.lv.1580: P 1433:1791(358) ack 3453 win 12240
Received on Mon Sep 21 2009 - 03:30:45 MDT
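An added example, not part of the original message or of Squid itself, that turns the two-capture check done by hand above into a script: it parses tcpdump's default one-line TCP output from the GRE side and from eth0, and reports per origin server whether replies come back addressed to the client (Squid opened the upstream connection with the client's address, i.e. spoofing works) or to the proxy's own address (no spoofing). The hostnames client.example.net, proxy.example.net, the origin-*.example.com servers and all sample capture lines are constructed for the example.

```python
"""Correlate tcpdump output from the WCCP/GRE side and the upstream side of
a TPROXY Squid box to see whether the client address is being spoofed.

All hostnames and capture lines in this file are constructed for the
example; they are not from the original post.
"""
import re

# tcpdump's default one-line TCP format with resolved names:
#   <timestamp> IP <host>.<port> > <host>.<port>: <flags, seq/ack, window ...>
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\S+)\.(?P<sport>\w+) > (?P<dst>\S+)\.(?P<dport>\w+): (?P<rest>.*)$"
)


def parse_line(line):
    """Return the fields of one tcpdump line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def upstream_addressing(wccp_lines, eth0_lines, client, proxy):
    """Correlate client flows seen on the GRE/WCCP side with origin-server
    replies seen on the upstream interface.

    A reply addressed to <client>.<client port> means Squid opened the
    upstream connection using the client's address (spoofing works).  A reply
    from the same origin server addressed to the proxy's own address means the
    connection was opened from the proxy's IP (no spoofing).
    """
    origins = set()  # origin servers the client contacted through the tunnel
    for line in wccp_lines:
        p = parse_line(line)
        if p and p["src"] == client:
            origins.add(p["dst"])

    result = {"spoofed": set(), "to_proxy": 0, "other": 0}
    for line in eth0_lines:
        p = parse_line(line)
        if not p or p["src"] not in origins:
            continue  # not a reply from an origin the client talked to
        if p["dst"] == client:
            result["spoofed"].add((p["dport"], p["src"]))
        elif p["dst"] == proxy:
            result["to_proxy"] += 1
        else:
            result["other"] += 1
    return result


def verdict(result):
    """Summarise a correlation result as one short phrase."""
    spoofed = bool(result["spoofed"])
    direct = result["to_proxy"] > 0
    if spoofed and direct:
        return "mixed"
    if spoofed:
        return "spoofed"
    if direct:
        return "not spoofed"
    return "no evidence"


# Constructed sample data (hypothetical hosts and flows).
CLIENT = "client.example.net"
PROXY = "proxy.example.net"

SAMPLE_WCCP = [
    "06:03:53.997666 IP client.example.net.1583 > origin-a.example.com.http: P 0:967(967) ack 1 win 65535",
    "06:03:54.004000 IP client.example.net.1555 > origin-b.example.com.http: . ack 2523 win 65535",
]

SAMPLE_ETH0 = [
    # reply to the client's own port: this flow was spoofed
    "06:03:54.108234 IP origin-a.example.com.http > client.example.net.1583: P 1:359(358) ack 968 win 7736",
    # reply to the proxy's address on an ephemeral port: this flow was not spoofed
    "06:03:54.200000 IP origin-b.example.com.http > proxy.example.net.40211: P 0:700(700) ack 1 win 18702",
    # unrelated origin, ignored
    "06:03:54.300000 IP unrelated.example.org.http > proxy.example.net.40300: . ack 1 win 1000",
]


if __name__ == "__main__":
    r = upstream_addressing(SAMPLE_WCCP, SAMPLE_ETH0, CLIENT, PROXY)
    print("spoofed flows :", sorted(r["spoofed"]))
    print("to proxy IP   :", r["to_proxy"])
    print("verdict       :", verdict(r))
```

To use it on a real box, capture both interfaces at once (for example tcpdump -n -i wccp2 and tcpdump -n -i eth0, feeding each file to the two list arguments) and pass the client and proxy addresses as they appear in the output; with -n they are plain IPs, which the regex handles the same way as names.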
