[squid-users] Re: Squid not sending request to web

From: fordjohn <john_ford_at_kprdsb.ca>
Date: Fri, 11 Apr 2014 16:37:42 -0700 (PDT)

Hi Amos,
Below is the router script I have pasted into the firewall section of my
Tomato router. It does not seem to forward packets to the proxy. Any ideas
what I am doing wrong? I am a newbie who is trying to learn.
Thanks for your help.

# IPv4 address of proxy
PROXYIP4= 192.168.1.16
# interface facing clients
CLIENTIFACE= eth0
# arbitrary mark used to route packets by the firewall. May be anything from 1 to 64.
FWMARK= 2
# permit Squid box out to the Internet
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $PROXYIP4 -j ACCEPT
# mark everything else on port 80 to be routed to the Squid box
iptables -t mangle -A PREROUTING -i $CLIENTIFACE -p tcp --dport 80 -j MARK --set-mark $FWMARK
iptables -t mangle -A PREROUTING -m mark --mark $FWMARK -j ACCEPT
# NP: Ensure that traffic from inside the network is allowed to loop back inside again.
iptables -t filter -A FORWARD -i $CLIENTIFACE -o $CLIENTIFACE -p tcp --dport 80 -j ACCEPT
ip rule add fwmark 2 table proxy
ip route add default via $PROXYIP table proxy

Below is a listing of my router's iptables

root@Router:/tmp/home/root# iptables -t nat -vL;iptables -t filter -vL
Chain PREROUTING (policy ACCEPT 106 packets, 13596 bytes)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:1194
    0 0 WANPREROUTING all -- any any anywhere wan-ip.Router
    0 0 DROP all -- ppp0 any anywhere 192.168.1.0/24
    0 0 upnp all -- any any anywhere wan-ip.Router

Chain POSTROUTING (policy ACCEPT 22 packets, 1867 bytes)
 pkts bytes target prot opt in out source destination
   48 3298 MASQUERADE all -- any tun11 192.168.1.0/24 anywhere
    0 0 MASQUERADE all -- any ppp0 anywhere anywhere
    6 2412 SNAT all -- any br0 192.168.1.0/24 192.168.1.0/24 to:192.168.1.1

Chain OUTPUT (policy ACCEPT 28 packets, 4279 bytes)
 pkts bytes target prot opt in out source destination

Chain WANPREROUTING (1 references)
 pkts bytes target prot opt in out source destination
    0 0 DNAT icmp -- any any anywhere anywhere to:192.168.1.1
    0 0 DNAT tcp -- any any 192.168.1.0/24 anywhere tcp dpt:www to:192.168.1.16:3128
    0 0 DNAT udp -- any any 192.168.1.0/24 anywhere udp dpt:www to:192.168.1.16:3128
    0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:63893 to:192.168.1.16
    0 0 DNAT udp -- any any anywhere anywhere udp dpt:63893 to:192.168.1.16

Chain upnp (1 references)
 pkts bytes target prot opt in out source destination

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- tun21 any anywhere anywhere
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:1194
   25 2970 ACCEPT all -- tun11 any anywhere anywhere
    0 0 DROP all -- any any anywhere anywhere state INVALID
 5813 7936K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 shlimit tcp -- any any anywhere anywhere tcp dpt:ssh state NEW
    8 564 ACCEPT all -- lo any anywhere anywhere
  119 14722 ACCEPT all -- br0 any anywhere anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0 0 DROP all -- br0 vlan1 anywhere anywhere
    0 0 DROP all -- br0 ppp0 anywhere anywhere
    0 0 DROP all -- br0 vlan2 anywhere anywhere
    0 0 ACCEPT all -- tun21 any anywhere anywhere
 5554 7375K ACCEPT all -- tun11 any anywhere anywhere
 3638 539K all -- any any anywhere anywhere account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
    0 0 ACCEPT all -- br0 br0 anywhere anywhere
    2 80 DROP all -- any any anywhere anywhere state INVALID
   82 5024 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
 3544 533K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 wanin all -- ppp0 any anywhere anywhere
    0 0 wanout all -- any ppp0 anywhere anywhere
   92 5982 ACCEPT all -- br0 any anywhere anywhere
    0 0 upnp all -- ppp0 any anywhere anywhere
    0 0 ACCEPT tcp -- -o any anywhere anywhere tcp dpt:www

Chain OUTPUT (policy ACCEPT 3587 packets, 554K bytes)
 pkts bytes target prot opt in out source destination

Chain shlimit (1 references)
 pkts bytes target prot opt in out source destination
    0 0 all -- any any anywhere anywhere recent: SET name: shlimit side: source
    0 0 DROP all -- any any anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source

Chain upnp (1 references)
 pkts bytes target prot opt in out source destination

Chain wanin (1 references)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT tcp -- any any 192.168.1.0/24 freenas.Router tcp dpt:squid
    0 0 ACCEPT udp -- any any 192.168.1.0/24 freenas.Router udp dpt:3128
    0 0 ACCEPT tcp -- any any anywhere freenas.Router tcp dpt:63893
    0 0 ACCEPT udp -- any any anywhere freenas.Router udp dpt:63893

Chain wanout (1 references)
 pkts bytes target prot opt in out source destination
root@Router:/tmp/home/root#

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-not-sending-request-to-web-tp4665512p4665548.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Fri Apr 11 2014 - 23:38:26 MDT
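
An added example, not part of the original message and not code from the Squid project: the same policy-routing rules written so that the shell pitfalls a script of this shape can hit are handled (no space after `=`, one variable name for the proxy address, a numeric routing-table id in place of the name `proxy`). It assumes `br0` is the LAN-facing interface, as the listing above suggests; table id 100 and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example, not the poster's script. Prints the policy-routing commands
# so they can be reviewed first; apply on the router with:  sh thisfile | sh
# Assumed values: br0 as LAN interface, table id 100 (constructed).

PROXYIP4=192.168.1.16   # "VAR= value" (space after =) leaves VAR unset
CLIENTIFACE=br0         # interface facing clients
FWMARK=2                # mark tying the iptables rule to the ip rule
TABLE=100               # numeric id: a name such as "proxy" must first be
                        # declared in /etc/iproute2/rt_tables

# Fail if any setting is empty, instead of emitting a rule such as
# "ip route add default via  table proxy".
check_settings() {
    for name in PROXYIP4 CLIENTIFACE FWMARK TABLE; do
        eval "value=\${$name}"
        if [ -z "$value" ]; then
            echo "error: $name is empty" >&2
            return 1
        fi
    done
}

policy_route_rules() {
    check_settings || return 1
    cat <<EOF
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $PROXYIP4 -j ACCEPT
iptables -t mangle -A PREROUTING -i $CLIENTIFACE -p tcp --dport 80 -j MARK --set-mark $FWMARK
iptables -t mangle -A PREROUTING -m mark --mark $FWMARK -j ACCEPT
iptables -t filter -A FORWARD -i $CLIENTIFACE -o $CLIENTIFACE -p tcp --dport 80 -j ACCEPT
ip rule add fwmark $FWMARK table $TABLE
ip route add default via $PROXYIP4 table $TABLE
EOF
}

# After applying, the packet counters and routing state show whether the
# rules are being hit (the mangle table is not part of the nat/filter listing):
#   iptables -t mangle -vL PREROUTING
#   ip rule show
#   ip route show table 100

policy_route_rules
```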
