[squid-users] Re: transparent proxy on remote box issue

From: WorkingMan <signup_mail2002_at_yahoo.com>
Date: Thu, 31 Oct 2013 20:52:38 +0000 (UTC)

> I am suspecting something is going on but I am just not seeing it in the
> tshark is not catching anything either by host <IP> or port 3130 on either
> VPN/SQUID. Does the TPROXY way work for SQUID on a remote server because I
> was going to try that next?
> ping, DNS lookup all seem normal except for port 80 (all apps not using
> port 80 work). With clean.rules set using your suggested rules I see this
> (client can browse but doesn't look like it went to SQUID server at all)
> Src: (, VPN client), Dst: (amazon)
> Src: (, VPN), Dst: (
> Src: (, Dst: (
> Let's just say things look normal.
> With proxy.rules (policy based routing), I see a lot of TCP retransmissions
> from VPN client/server to the web server.
> -> TCP 78 60440 > http [SYN] Seq=0 Win=65535
> MSS=1240 WS=16 TSval=230783310 TSecr=0 SACK_PERM=1
> -> TCP 78 [TCP Retransmission] 60437 > http
> Seq=0 Win=65535 Len=0 MSS=1240 WS=16 TSval=230783793 TSecr=0 SACK_PERM=1
> -> TCP 78 [TCP Retransmission] 60438 > http
> Seq=0 Win=65535 Len=0 MSS=1240 WS=16 TSval=230783995 TSecr=0 SACK_PERM=1
> It does this until it gives up. I hope that rings a bell. I could be
> debugging this wrong and not seeing the obvious. There is no trace on SQUID
> server or its log so I assume traffic didn't make it over. On VPN server
> when I do a query to a web site it works which is weird because I thought
> it should also get routed since all TCP on eth0 are marked (also no log in
> access.log on squid side so it's not routed).
> Thanks,

Update. Found this, https://forums.gentoo.org/viewtopic-t-932554-start-0.html,
that helped me look at the MAC address of the src/dst.

With proxy.rules now with above info I see the MAC address of the web site is
the MAC address of SQUID server. Again I only see one-direction traffic
going to the web site. At least we know it's doing something that looks

With clean.rules, web site's MAC address is the gateway/DNS (in my case it is
the same MAC). I see bidirectional traffic between web site and VPN server.

On SQUID server I have applied 4 rules from this SQUID guide:

There is no traffic to SQUID using tshark. Nothing in SQUID logs or syslog.
Nothing in VPN's syslog.

Received on Thu Oct 31 2013 - 20:53:11 MDT
