<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">These comments were meant to give you
      information long ago.<br>
      It gives the big picture to the one who actually needs it.<br>
      Most people that don't understand can ask freely on the mailing
      lists, which are the best resource I know of.<br>
      Using a mailing list, real people can understand and explain to you
      the difference between what you understand and do not.<br>
      <br>
      If you do know how iptables works it will be simple to understand
      this logic.<br>
      If you are new to iptables or to Linux it's better to ask rather
      than just not understand their meanings.<br>
      <br>
      Eliezer<br>
      <br>
      <br>
      On 07/05/2013 04:03 PM, Firas Rasmy wrote:<br>
    </div>
    <blockquote
      cite="mid:1373029430.36653.YahooMailNeo@web120402.mail.ne1.yahoo.com"
      type="cite">
      <div style="color:#000; background-color:#fff; font-family:arial,
        helvetica, sans-serif;font-size:10pt">
        <div>Thanks a lot Chinmay and Eliezer,</div>
        <div><br>
        </div>
        <div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
          arial, helvetica, sans-serif; background-color: transparent;
          font-style: normal;">I think the comments on the iptables
          rules in&nbsp;<a moz-do-not-send="true"
            href="http://wiki.squid-cache.org/Features/Tproxy4"
            style="font-size: 10pt;">http://wiki.squid-cache.org/Features/Tproxy4</a>&nbsp;are
          a bit confusing!<br>
        </div>
        <div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
          arial, helvetica, sans-serif; background-color: transparent;
          font-style: normal;"><br>
        </div>
        <div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
          arial, helvetica, sans-serif; background-color: transparent;
          font-style: normal;">Best regards,</div>
        <div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
          arial, helvetica, sans-serif; background-color: transparent;
          font-style: normal;">Firas</div>
        <div><br>
        </div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 10pt;">
          <div style="font-family: 'times new roman', 'new york', times,
            serif; font-size: 12pt;">
            <div dir="ltr">
              <hr size="1"> <font face="Arial" size="2"> <b><span
                    style="font-weight:bold;">From:</span></b> Chinmay
                Mahata <a class="moz-txt-link-rfc2396E" href="mailto:chinmay_mahata@rediffmail.com">&lt;chinmay_mahata@rediffmail.com&gt;</a><br>
                <b><span style="font-weight: bold;">To:</span></b> Firas
                Rasmy <a class="moz-txt-link-rfc2396E" href="mailto:firasrasmy@yahoo.com">&lt;firasrasmy@yahoo.com&gt;</a> <br>
                <b><span style="font-weight: bold;">Cc:</span></b>
                <a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">"tproxy@lists.balabit.hu"</a>
                <a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">&lt;tproxy@lists.balabit.hu&gt;</a> <br>
                <b><span style="font-weight: bold;">Sent:</span></b>
                Friday, July 5, 2013 2:13 PM<br>
                <b><span style="font-weight: bold;">Subject:</span></b>
                Re: [tproxy] Squid with TProxy Support<br>
              </font> </div>
            <div class="y_msg_container"><br>
              <div id="yiv0878288906">Hi Firas,<br>
                &nbsp;&nbsp;&nbsp; Your understanding is absolutely correct.<br>
                <br>
                Regards,<br>
                --Chinmay&nbsp; <br>
                <br>
                <br>
                <br>
                <br>
                From: Firas Rasmy <a class="moz-txt-link-rfc2396E" href="mailto:firasrasmy@yahoo.com">&lt;firasrasmy@yahoo.com&gt;</a><br>
                Sent: Wed, 03 Jul 2013 04:34:02 <br>
                To: <a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">"tproxy@lists.balabit.hu"</a>
                <a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">&lt;tproxy@lists.balabit.hu&gt;</a><br>
                Subject: Re: [tproxy] Squid with TProxy Support<br>
                <div style="color: rgb(0, 0, 0); background-color:
                  rgb(255, 255, 255); font-family: arial, helvetica,
                  sans-serif; font-size: 10pt;">
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 10pt;"><span>Thanks a lot for your reply
                      Eliezer!</span></div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 13px; background-color: transparent;
                    font-style: normal;"><span><br>
                    </span></div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 13px; background-color: transparent;
                    font-style: normal;"><span>I have another question
                      here regarding the following iptables rules, which
                      are needed to get TPROXY to work:</span></div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 13px; background-color: transparent;
                    font-style: normal;"><span><br>
                    </span></div>
                  <div style="background-color:transparent;"><font
                      size="2">iptables -t mangle -N DIVERT</font></div>
                  <div style="background-color:transparent;"><font
                      size="2">iptables -t mangle -A DIVERT -j MARK
                      --set-mark 1</font></div>
                  <div style="background-color:transparent;"><font
                      size="2">iptables -t mangle -A DIVERT -j ACCEPT</font></div>
                  <div style="background-color:transparent;"><span
                      style="font-size:13px;background-color:transparent;">iptables
                      &nbsp;-t mangle -A PREROUTING -p tcp -m socket -j
                      DIVERT</span><br>
                  </div>
                  <div style="background-color:transparent;"><font
                      size="2"><span></span></font></div>
                  <div style="background-color:transparent;"><font
                      size="2"><br>
                    </font></div>
                  <div style="background-color: transparent; font-size:
                    13px; font-family: arial, helvetica, sans-serif;
                    font-style: normal;"><font size="2">iptables &nbsp;-t
                      mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
                      --tproxy-mark 0x1/0x1 --on-port 3129</font></div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 10pt;"><br>
                  </div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 13px; background-color: transparent;
                    font-style: normal;"><span><br>
                    </span></div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 13px; background-color: transparent;
                    font-style: normal;"><span><br>
                    </span></div>
                  <div style="background-color:transparent;"><span
                      style="font-family: arial, helvetica, sans-serif;
                      font-size: 13px; font-style: normal;">&nbsp;What is "-m
                      socket" used for? Man page of iptables says that
                      "-m socket" </span><span
                      style="background-color:transparent;"><font
                        size="2">matches if an open socket can be found
                        by doing a socket lookup on&nbsp;</font></span><span
style="font-size:13px;background-color:transparent;">the packet. I think
                      the following rule is intended for reply packets
                      coming from web servers to squid (with the spoofed
                      IP address), am I right? If not, please correct
                      me:</span></div>
                  <div style="background-color: transparent; font-size:
                    13px; font-family: arial, helvetica, sans-serif;
                    font-style: normal;"><span
                      style="font-size:13px;background-color:transparent;">iptables
                      &nbsp;-t mangle -A PREROUTING -p tcp -m socket -j
                      DIVERT<br>
                    </span></div>
                  <div style="background-color: transparent; font-size:
                    13px; font-family: arial, helvetica, sans-serif;
                    font-style: normal;"><span
                      style="font-size:13px;background-color:transparent;"><br>
                    </span></div>
                  <div style="background-color: transparent; font-size:
                    13px; font-family: arial, helvetica, sans-serif;
                    font-style: normal;"><span
                      style="font-size:13px;background-color:transparent;">Best
                      regards,</span></div>
                  <div style="background-color: transparent; font-size:
                    13px; font-family: arial, helvetica, sans-serif;
                    font-style: normal;"><span style="font-size:13px;
                      background-color:transparent;">Firas</span></div>
                  <div><br>
                  </div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 10pt;"><br>
                  </div>
                  <div style="font-family: arial, helvetica, sans-serif;
                    font-size: 10pt;">
                    <div style="font-family: 'times new roman', 'new
                      york', times, serif; font-size: 12pt;">
                      <div dir="ltr">
                        <hr size="1"> <font face="Arial" size="2"> <b><span
                              style="font-weight:bold;">From:</span></b>
                          Eliezer Croitoru <a class="moz-txt-link-rfc2396E" href="mailto:eliezer@ngtech.co.il">&lt;eliezer@ngtech.co.il&gt;</a><br>
                          <b><span style="font-weight:bold;">To:</span></b>
                          <a class="moz-txt-link-abbreviated" href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</a> <br>
                          <b><span style="font-weight:bold;">Sent:</span></b>
                          Monday, July 1, 2013 11:00 PM<br>
                          <b><span style="font-weight:bold;">Subject:</span></b>
                          Re: [tproxy] Squid with TProxy Support<br>
                        </font> </div>
                      <div><br>
                        CentOS comes with TPROXY so you don't need to
                        recompile or do anything <br>
                        more than use the bundled kernel from CentOS.<br>
                        Take a small peek at this tutorial:<br>
                        <a moz-do-not-send="true" rel="nofollow"
                          target="_blank"
                          href="http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2">http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2</a><br>
                        The tutorial has all the working examples that
                        are needed for tproxy <br>
                        with squid.<br>
                        <br>
                        If you will need more help you can try
                        squid-users.<br>
                        <br>
                        Eliezer<br>
                        <br>
                        On 07/01/2013 09:37 PM, Firas Rasmy wrote:<br>
                        &gt; Hello there!<br>
                        &gt;<br>
                        &gt; I'm trying to install squid with TPROXY
                        support. I'm using a CentOS 6.4<br>
                        &gt; (64-bit) with kernel version
                        2.6.32-358.el6.x86_64 and iptables version<br>
                        &gt; 4.1.7<br>
                        &gt;<br>
                        &gt; I've followed the instructions in<br>
                        &gt; <a moz-do-not-send="true" rel="nofollow"
                          target="_blank"
                          href="http://wiki.squid-cache.org/Features/Tproxy4">http://wiki.squid-cache.org/Features/Tproxy4
                        </a>but unfortunately<br>
                        &gt; connecting to any website from a client
                        with Chrome browser fails with<br>
                        &gt; this error:<br>
                        &gt; Error 324 (net::ERR_EMPTY_RESPONSE): The
                        server closed the connection<br>
                        &gt; without sending any data.<br>
                        &gt;<br>
                        &gt; When trying to telnet squid on port 80, I
                        get a connection but the<br>
                        &gt; connection is closed once I hit any key! I
                        think packets are being<br>
                        &gt; redirected to squid successfully because if
                        I stop squid, there would be<br>
                        &gt; no connections at all. Do you have any idea
                        of what might be the reason?<br>
                        &gt;<br>
                        &gt; Another question, I have checked that my
                        current kernel was already<br>
                        &gt; built with those options:<br>
                        &gt; NF_CONNTRACK=m<br>
                        &gt; NETFILTER_TPROXY=m<br>
                        &gt; NETFILTER_XT_MATCH_SOCKET=m<br>
                        &gt; NETFILTER_XT_TARGET_TPROXY=m<br>
                        &gt;<br>
                        &gt; Do I still have to recompile it with
                        patches from<br>
                        &gt; <a moz-do-not-send="true" rel="nofollow"
                          target="_blank"
                          href="http://www.balabit.com/downloads/files/tproxy/">http://www.balabit.com/downloads/files/tproxy/?</a><br>
                        &gt; There are no patches available for this
                        current version. What about<br>
                        &gt; iptables? Do I need to patch it?<br>
                        &gt;<br>
                        &gt; My last question is: TPROXY target in the
                        mangle table is not supposed<br>
                        &gt; to change anything in the packet header,
                        how the packets with TPROXY<br>
                        &gt; target would be redirected to --on-port if
                        the IP header is untouched?!<br>
                        &gt;<br>
                        &gt; Thanks a lot for your help!<br>
                        &gt;<br>
                        &gt; Best regards,<br>
                        &gt; Firas<br>
                        &gt;<br>
                        &gt;<br>
                        &gt;
                        _______________________________________________<br>
                        &gt; tproxy mailing list<br>
                        &gt; <a class="moz-txt-link-abbreviated" href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</a><br>
                        &gt; <a moz-do-not-send="true" rel="nofollow"
                          target="_blank"
                          href="https://lists.balabit.hu/mailman/listinfo/tproxy">https://lists.balabit.hu/mailman/listinfo/tproxy</a><br>
                        &gt;<br>
                        <br>
                      </div>
                    </div>
                  </div>
                </div>
              </div>
              <br>
              <br>
            </div>
          </div>
        </div>
      </div>
      <br>
    </blockquote>
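    <p>Added example, not part of the thread above: a small Python model of what the two mangle PREROUTING rules quoted in Firas's message do to a packet (the <code>-m socket</code> / DIVERT rule and the TPROXY rule), and how the resulting fwmark gets the packet delivered to a local socket while the IP header stays untouched. It goes slightly beyond the question by also showing that <code>-m socket</code> matches later client-side packets of an already established connection, not only the replies from the web server. The policy-routing step (<code>ip rule add fwmark 1 lookup 100</code> with a local route in table 100) is assumed from the standard TPROXY setup and is not shown in the thread; all socket and packet values are constructed.</p>

```python
from dataclasses import dataclass
from typing import List, Optional

DIVERT_MARK = 0x1        # DIVERT = MARK --set-mark 1 then ACCEPT; TPROXY uses 0x1/0x1
TPROXY_ON_PORT = 3129    # --on-port 3129, where squid's tproxy port listens

@dataclass(frozen=True)
class Sock:              # one local TCP socket; remote (0.0.0.0, 0) = listener
    local_ip: str
    local_port: int
    remote_ip: str = "0.0.0.0"
    remote_port: int = 0

@dataclass
class Packet:            # only the fields the two rules look at
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    mark: int = 0
    sock: Optional[Sock] = None   # socket attached by the kernel; header untouched

def socket_lookup(pkt: Packet, socks: List[Sock]) -> Optional[Sock]:
    """'-m socket': an established socket for the packet's 4-tuple first,
    then a listener bound to the packet's destination port."""
    for s in socks:
        if (s.local_ip, s.local_port, s.remote_ip, s.remote_port) == \
           (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port):
            return s
    for s in socks:
        if s.remote_port == 0 and s.local_port == pkt.dst_port \
           and s.local_ip in ("0.0.0.0", pkt.dst_ip):
            return s
    return None

def mangle_prerouting(pkt: Packet, socks: List[Sock]) -> str:
    """Evaluate the two mangle PREROUTING rules in order; return the target hit."""
    # iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    found = socket_lookup(pkt, socks)
    if found is not None:
        pkt.mark |= DIVERT_MARK
        pkt.sock = found
        return "DIVERT"
    # iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
    #   --tproxy-mark 0x1/0x1 --on-port 3129
    if pkt.dst_port == 80:
        listener = next((sk for sk in socks if sk.remote_port == 0
                         and sk.local_port == TPROXY_ON_PORT), None)
        if listener is not None:
            pkt.mark = (pkt.mark & ~0x1) | 0x1   # value/mask semantics of --tproxy-mark
            pkt.sock = listener   # redirect by socket assignment, not by rewriting dst
            return "TPROXY"
    return "no-match"

def route(pkt: Packet) -> str:
    """Assumed: 'ip rule add fwmark 1 lookup 100' + local default route in table 100."""
    return "local" if pkt.mark & DIVERT_MARK else "forward"

def trace(pkt: Packet, socks: List[Sock]):
    return mangle_prerouting(pkt, socks), route(pkt)   # (target hit, routing verdict)
```

The first client SYN hits TPROXY and is delivered to the 3129 listener with its original destination intact; the server's reply to the spoofed client address and the client's later packets both hit the `-m socket` DIVERT rule because squid's sockets for that connection already exist.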
    <br>
  </body>
</html>