Hi, <br><br>Here is my situation : <br><br><ul><li>CentOS 5.2 ( my own built kernel 2.6.25.11-TProxy-ReiserFS with this patch : <a href="http://www.balabit.com/downloads/files/tproxy/tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2">http://www.balabit.com/downloads/files/tproxy/tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2</a>)</li>
<li>iptables v1.4.3-rc1( <a href="ftp://ftp.netfilter.org/pub/iptables/snapshot/iptables-20090206.tar.bz2">ftp://ftp.netfilter.org/pub/iptables/snapshot/iptables-20090206.tar.bz2</a> )</li><li>squid 3.1.0.5 RC ( <a href="http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.0.5.tar.bz2">http://www.squid-cache.org/Versions/v3/3.1/squid-3.1.0.5.tar.bz2</a> ) and compiled with these options : "'--enable-poll' '--enable-storeio=aufs,diskd,ufs' '--with-pthreads' '--enable-removal-policies=heap,lru' '--enable-<br>
linux-netfilter' '--enable-useragent-log' '--enable-referer-log' '--enable-underscores' '--disable-dependency-tracking' '--disable-ident-lookups' '--with-large-files' '--enable-follow-x-forwarded-for' '--enable-cache-digests' '--enable-delay-pools' '--enable-truncate' '--prefix=/usr' '--localstatedir=/var' '--sysconfdir=/etc/squid' '--with-logdir=/var/log/squid' '--enable-wccpv2' '--enable-wccp' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--with-filedescriptors=8192' --with-squid=/usr/src/squid-3.1.0.5 --enable-ltdl-convenience\"</li>
<li>with following iptables rules : <br>[root@CACHE1 squid-3.1.0.5]# service iptables status<br>Table: filter<br>Chain INPUT (policy ACCEPT)<br>num target prot opt source destination <br><br>Chain FORWARD (policy ACCEPT)<br>
num target prot opt source destination <br><br>Chain OUTPUT (policy ACCEPT)<br>num target prot opt source destination <br><br>Table: mangle<br>Chain PREROUTING (policy ACCEPT)<br>
num target prot opt source destination <br>1 DIVERT tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> socket <br>2 TPROXY tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> tcp dpt:80 TPROXY redirect <a href="http://0.0.0.0:3129">0.0.0.0:3129</a> mark 0x1/0x1<br>
<br>Chain INPUT (policy ACCEPT)<br>num target prot opt source destination <br><br>Chain FORWARD (policy ACCEPT)<br>num target prot opt source destination <br><br>Chain OUTPUT (policy ACCEPT)<br>
num target prot opt source destination <br><br>Chain POSTROUTING (policy ACCEPT)<br>num target prot opt source destination <br><br>Chain DIVERT (1 references)<br>num target prot opt source destination <br>
1 MARK all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> MARK xset 0x1/0xffffffff <br>2 ACCEPT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> <br>
<br>[root@CACHE1 squid-3.1.0.5]# </li><li>With following iproute2 rules : [root@CACHE1 squid-3.1.0.5]# ip ru list<br>0: from all lookup 255 <br>32765: from all fwmark 0x1 lookup 100 <br>32766: from all lookup main <br>
32767: from all lookup default <br>[root@CACHE1 squid-3.1.0.5]# ip ro list table 100<br>local default dev lo scope host <br>[root@CACHE1 squid-3.1.0.5]# <br></li><li>with following http_port line in squid : http_port 3129 tproxy</li>
</ul>everything seems to be working and squid run with these messages in cache.log : <br>2009/02/07 22:22:43| Accepting spoofing HTTP connections at <a href="http://0.0.0.0:3129">0.0.0.0:3129</a>, FD 16.<br><br>my requests seems to be redirected to port 3129 as I expected and the pages are loading propertly. But the problem is that when I go to site <a href="http://myipaddress.co.uk/">http://myipaddress.co.uk/</a> it gives me the cache ip address instead of my own client ip address. here is the tethereal output for one of my requests : <br>
<br>[root@CACHE1 squid-3.1.0.5]# tethereal host 85.247.162.18 -n <br>Running as user "root" and group "root". This could be dangerous.<br>Capturing on eth1<br> 0.000000 85.247.162.18 -> 213.171.218.15 TCP 57226 > 80 [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1969980 TSER=0 WS=2<br>
0.000024 213.171.218.15 -> 85.247.162.18 TCP 80 > 57226 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=10639608 TSER=1969980 WS=7<br> 0.002265 85.247.162.18 -> 213.171.218.15 TCP 57226 > 80 [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=1969981 TSER=10639608<br>
0.004521 85.247.162.18 -> 213.171.218.15 HTTP GET / HTTP/1.1 <br> 0.004529 213.171.218.15 -> 85.247.162.18 TCP 80 > 57226 [ACK] Seq=1 Ack=386 Win=6912 Len=0 TSV=10639612 TSER=1969981<br> 0.402945 213.171.218.15 -> 85.247.162.18 HTTP HTTP/1.0 200 OK (text/html)<br>
0.402950 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP traffic<br> 0.412859 85.247.162.18 -> 213.171.218.15 TCP 57226 > 80 [ACK] Seq=386 Ack=1449 Win=8736 Len=0 TSV=1970084 TSER=10640007<br> 0.412867 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP traffic<br>
0.413273 85.247.162.18 -> 213.171.218.15 TCP 57226 > 80 [ACK] Seq=386 Ack=1579 Win=8736 Len=0 TSV=1970084 TSER=10640007<br> 0.418901 85.247.162.18 -> 213.171.218.15 TCP 57226 > 80 [ACK] Seq=386 Ack=2213 Win=11632 Len=0 TSV=1970085 TSER=10640017<br>
<br>Where my client ip address is 85.247.162.18 and my cache server ip address is 85.247.162.2. This means that the client ip spoofing is not working with tproxy4. Can any guide me ?<br><br>-- <br>Regards<br>Hamid Hashemi<br>