Re: [squid-users] TProxy Setup

From: Nyamul Hassan <nyamul_at_gmail.com>
Date: Sun, 6 Jul 2014 16:44:08 +0600

Dear Amos,

Thank you for your suggestion!

The browser on the client is Chrome. Interestingly, when I try to
open any link in Chrome, it tries 3 times. But, when we try from an
"Incognito Mode" window, it makes only one request.

Morever, there are "two" routers:
one for Host -> Rtr1 -> Squid
another for Squid -> Rtr2 -> Internet

This was done as per your advice so that we can detect loops in the
router with rules.

Please check this pastebin (all data from Rtr1):
http://pastebin.com/fdZpHvjn

* The first line is just the logging rule that we use, which is the
same (for logic) as the routing-mark rule.
* The number of packets that are logged by the router between
Incognito vs Non-Incognito mode of Chrome, are different. 5 (five)
for Incognito Mode, and 13 (thirteen) for Non-Incognito mode.
* There are 3 (three) different source ports on client IP for
Non-Incognito Mode, but only 1 (one) for Incognito Mode.
* All the MAC addresses are the same.

Also, the router only has "policy - routing" rules which are not
touched between Squid TProxy, Squid Intercept, and the
"tproxy-example" software as mentioned in an earlier email.

Thank you once again for looking into this Amos!

Regards
HASSAN

On Sun, Jul 6, 2014 at 4:09 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 2014-07-06 20:18, Nyamul Hassan wrote:
>>
>> Thanks for the video, Eliezer! The Mikrotik configuration part was
>> quite interesting!
>>
>> New Basic Data:
>> http://pastebin.com/ULT2d4Ej
>>
>> Debug (All,1 89,9 17,3)
>> http://pastebin.com/0Ycgtea2
>>
>> Just one request from the client browser was made. The destination is
>> also a server under our control. http://130.94.72.133. It is just a
>> simple HTML file with the words "It works!"
>
>
>
> Hmm. Three TCP connections arrived at Squid.
>
> 2014/07/06 14:13:23.147 ... BEGIN: me/client= 130.94.72.133:80,
> destination/me= 116.193.170.10:4246
> 2014/07/06 14:13:23.149 ... BEGIN: me/client= 130.94.72.133:80,
> destination/me= 116.193.170.10:4247
> 2014/07/06 14:13:23.890 ... BEGIN: me/client= 130.94.72.133:80,
> destination/me= 116.193.170.10:4248
>
> Assuming that the TPROXY was configured at the time these lines were logged
> it appears you have a forwarding loop, probably in the router.
>
> One of the key things with TPROXY is that IP address based rules in the
> router do not work. Outgoing packets from Squid appear to be coming from the
> client, so only rules checking the interface or MAC address work properly
> work on separate routers like the Mikrotik.
>
> Amos
Received on Sun Jul 06 2014 - 10:44:57 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 06 2014 - 12:00:05 MDT