<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV>
<DIV id=result_box dir=ltr>Try putting in your squid.conf <BR>http_port
127.0.0.1:3128 transparent tproxy <BR>http_port 10.30.17.45:3128 transparent
tproxy</DIV></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=BRMO@Odense.dk href="mailto:BRMO@Odense.dk">Brian Møller</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=tproxy@lists.balabit.hu
href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Thursday, February 14, 2008 2:59
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [tproxy] Tproxy and squid</DIV>
<DIV><BR></DIV><BR><FONT face=sans-serif size=2>Hello there</FONT>
<BR><BR><FONT face=sans-serif size=2>I'm in the process of setting up a
filtering bridge for my work. I want to use Squid via url_redirect-option to
do the filtering. I want to see the source IP of the clients on the webservers
because of some logging issues and because the clients come from different
subnets and stuff like that I can't do anything against. </FONT><BR><BR><FONT
face=sans-serif size=2>I'm a little confused when it comes to the versions of
tproxy / cttproxy that I should use.</FONT> <BR><FONT face=sans-serif
size=2>From what I can read squid doesn't support tproxy4 so I have to use
cttproxy. Am I correct in that assumption?</FONT> <BR><BR><FONT
face=sans-serif size=2>If I am, I have a question:</FONT> <BR><FONT
face=sans-serif size=2>I have compiled my kernel (2.6.20) with this patch-set:
http://www.balabit.com/downloads/files/tproxy/obsolete/linux-2.6/cttproxy-2.6.20-2.0.6.tar.gz</FONT>
<BR><FONT face=sans-serif size=2>And also IPTables 1.3.8 with the same
patch-set</FONT> <BR><BR><FONT face=sans-serif size=2>After that I have
compiled squid-2.6.STABLE18 --enable-linux-tproxy after copying one or
two .h-files to the right directory.</FONT> <BR><FONT face=sans-serif
size=2>My squid.conf can be seen at the bottom of this email.</FONT>
<BR><BR><FONT face=sans-serif size=2>The bridge is working, traffic is flowing
as it should, and the traffic is redirected nicely after running this
command:</FONT> <BR><FONT face=sans-serif size=2>/usr/local/sbin/iptables -t
tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128</FONT>
<BR><BR><FONT face=sans-serif size=2>But now it is the IP of the proxy that
gets into the logs of the webservers.</FONT> <BR><BR><FONT face=sans-serif
size=2>Have I missed something or might there be </FONT><BR><BR><FONT
face=sans-serif size=2>/Brian</FONT> <BR><BR><BR><FONT face=sans-serif
size=2>access_log /var/log/squid/access.log squid</FONT> <BR><FONT
face=sans-serif size=2>acl CONNECT method CONNECT</FONT> <BR><FONT
face=sans-serif size=2>acl QUERY urlpath_regex cgi-bin \?</FONT> <BR><FONT
face=sans-serif size=2>acl SSL_ports port 443</FONT> <BR><FONT face=sans-serif
size=2>acl Safe_ports port 1025-65535 # unregistered ports</FONT>
<BR><FONT face=sans-serif size=2>acl Safe_ports port 21
# ftp</FONT> <BR><FONT face=sans-serif size=2>acl Safe_ports port
210 # wais</FONT> <BR><FONT face=sans-serif
size=2>acl Safe_ports port 280 # http-mgmt</FONT>
<BR><FONT face=sans-serif size=2>acl Safe_ports port 443
# https</FONT> <BR><FONT face=sans-serif size=2>acl Safe_ports port 488
# gss-http</FONT> <BR><FONT face=sans-serif
size=2>acl Safe_ports port 591 # filemaker</FONT>
<BR><FONT face=sans-serif size=2>acl Safe_ports port 70
# gopher</FONT> <BR><FONT face=sans-serif size=2>acl Safe_ports
port 777 # multiling http</FONT> <BR><FONT
face=sans-serif size=2>acl Safe_ports port 80
# http</FONT> <BR><FONT face=sans-serif size=2>acl all src
0.0.0.0/0.0.0.0</FONT> <BR><FONT face=sans-serif size=2>acl apache rep_header
Server ^Apache</FONT> <BR><FONT face=sans-serif size=2>acl localhost src
127.0.0.1/255.255.255.255</FONT> <BR><FONT face=sans-serif size=2>acl manager
proto cache_object</FONT> <BR><FONT face=sans-serif size=2>acl our_networks
src 192.168.0.0/16 10.0.0.0/8</FONT> <BR><FONT face=sans-serif size=2>acl
to_localhost dst 127.0.0.0/8</FONT> <BR><FONT face=sans-serif
size=2>broken_vary_encoding allow apache</FONT> <BR><FONT face=sans-serif
size=2>cache deny QUERY</FONT> <BR><FONT face=sans-serif size=2>cache_dir null
/null</FONT> <BR><FONT face=sans-serif size=2>cache_log
/var/log/squid/cache.log</FONT> <BR><FONT face=sans-serif size=2>cache_mem 256
MB</FONT> <BR><FONT face=sans-serif size=2>cache_store_log none</FONT>
<BR><FONT face=sans-serif size=2>coredump_dir /var/log/squid/cache</FONT>
<BR><FONT face=sans-serif size=2>dns_nameservers 10.30.17.73
10.30.17.71</FONT> <BR><FONT face=sans-serif size=2>forwarded_for off</FONT>
<BR><FONT face=sans-serif size=2>hierarchy_stoplist cgi-bin ?</FONT> <BR><FONT
face=sans-serif size=2>http_access allow manager localhost</FONT> <BR><FONT
face=sans-serif size=2>http_access allow our_networks</FONT> <BR><FONT
face=sans-serif size=2>http_access deny !Safe_ports</FONT> <BR><FONT
face=sans-serif size=2>http_access deny CONNECT !SSL_ports</FONT> <BR><FONT
face=sans-serif size=2>http_access deny all</FONT> <BR><FONT face=sans-serif
size=2>http_access deny manager</FONT> <BR><FONT face=sans-serif
size=2>http_port 3128 transparent tproxy</FONT> <BR><FONT face=sans-serif
size=2>icp_access allow all</FONT> <BR><FONT face=sans-serif
size=2>logfile_rotate 10</FONT> <BR><FONT face=sans-serif
size=2>refresh_pattern . 0
20% 4320</FONT> <BR><FONT face=sans-serif
size=2>refresh_pattern ^ftp: 1440
20% 10080</FONT> <BR><FONT face=sans-serif
size=2>refresh_pattern ^gopher: 1440
0% 1440</FONT> <BR><FONT face=sans-serif
size=2>tcp_outgoing_address 10.30.17.45</FONT> <BR><FONT face=sans-serif
size=2>url_rewrite_children 30</FONT> <BR><FONT face=sans-serif
size=2>url_rewrite_program /usr/bin/squidGuard</FONT> <BR><FONT
face=sans-serif size=2>via off</FONT>
<P>
<HR>
<P></P>_______________________________________________<BR>tproxy mailing
list<BR>tproxy@lists.balabit.hu<BR>https://lists.balabit.hu/mailman/listinfo/tproxy<BR></BLOCKQUOTE></BODY></HTML>