<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">These comments were meant to give you
information long ago.<br>
They give the big picture to the one who actually needs it.<br>
Most people who don't understand can ask freely on the mailing
lists, which are the best resource I know of.<br>
Using a mailing list, real people can understand and explain to you
the difference between what you understand and what you do not.<br>
<br>
If you do know how iptables works, it will be simple to understand
this logic.<br>
If you are new to iptables or to Linux, it's better to ask rather
than just not understand their meanings.<br>
<br>
Eliezer<br>
<br>
<br>
On 07/05/2013 04:03 PM, Firas Rasmy wrote:<br>
</div>
<blockquote
cite="mid:1373029430.36653.YahooMailNeo@web120402.mail.ne1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff; font-family:arial,
helvetica, sans-serif;font-size:10pt">
<div>Thanks a lot Chinmay and Eliezer,</div>
<div><br>
</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
arial, helvetica, sans-serif; background-color: transparent;
font-style: normal;">I think the comments on the iptables
rules in <a moz-do-not-send="true"
href="http://wiki.squid-cache.org/Features/Tproxy4"
style="font-size: 10pt;">http://wiki.squid-cache.org/Features/Tproxy4</a> are
a bit confusing!<br>
</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
arial, helvetica, sans-serif; background-color: transparent;
font-style: normal;"><br>
</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
arial, helvetica, sans-serif; background-color: transparent;
font-style: normal;">Best regards,</div>
<div style="color: rgb(0, 0, 0); font-size: 13px; font-family:
arial, helvetica, sans-serif; background-color: transparent;
font-style: normal;">Firas</div>
<div><br>
</div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 10pt;">
<div style="font-family: 'times new roman', 'new york', times,
serif; font-size: 12pt;">
<div dir="ltr">
<hr size="1"> <font face="Arial" size="2"> <b><span
style="font-weight:bold;">From:</span></b> Chinmay
Mahata <a class="moz-txt-link-rfc2396E" href="mailto:chinmay_mahata@rediffmail.com">&lt;chinmay_mahata@rediffmail.com&gt;</a><br>
<b><span style="font-weight: bold;">To:</span></b> Firas
Rasmy <a class="moz-txt-link-rfc2396E" href="mailto:firasrasmy@yahoo.com">&lt;firasrasmy@yahoo.com&gt;</a> <br>
<b><span style="font-weight: bold;">Cc:</span></b>
<a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">"tproxy@lists.balabit.hu"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">&lt;tproxy@lists.balabit.hu&gt;</a> <br>
<b><span style="font-weight: bold;">Sent:</span></b>
Friday, July 5, 2013 2:13 PM<br>
<b><span style="font-weight: bold;">Subject:</span></b>
Re: [tproxy] Squid with TProxy Support<br>
</font> </div>
<div class="y_msg_container"><br>
<div id="yiv0878288906">Hi Firas,<br>
Your understanding is absolutely correct.<br>
<br>
Regards,<br>
--Chinmay <br>
<br>
<br>
<br>
<br>
From: Firas Rasmy <a class="moz-txt-link-rfc2396E" href="mailto:firasrasmy@yahoo.com">&lt;firasrasmy@yahoo.com&gt;</a><br>
Sent: Wed, 03 Jul 2013 04:34:02 <br>
To: <a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">"tproxy@lists.balabit.hu"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:tproxy@lists.balabit.hu">&lt;tproxy@lists.balabit.hu&gt;</a><br>
Subject: Re: [tproxy] Squid with TProxy Support<br>
<div style="color: rgb(0, 0, 0); background-color:
rgb(255, 255, 255); font-family: arial, helvetica,
sans-serif; font-size: 10pt;">
<div style="font-family: arial, helvetica, sans-serif;
font-size: 10pt;"><span>Thanks a lot for your reply
Eliezer!</span></div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 13px; background-color: transparent;
font-style: normal;"><span><br>
</span></div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 13px; background-color: transparent;
font-style: normal;"><span>I have another question
here regarding the following iptables rules, which
are needed to get TPROXY to work:</span></div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 13px; background-color: transparent;
font-style: normal;"><span><br>
</span></div>
<div style="background-color:transparent;"><font
size="2">iptables -t mangle -N DIVERT</font></div>
<div style="background-color:transparent;"><font
size="2">iptables -t mangle -A DIVERT -j MARK
--set-mark 1</font></div>
<div style="background-color:transparent;"><font
size="2">iptables -t mangle -A DIVERT -j ACCEPT</font></div>
<div style="background-color:transparent;"><span
style="font-size:13px;background-color:transparent;">iptables
-t mangle -A PREROUTING -p tcp -m socket -j
DIVERT</span><br>
</div>
<div style="background-color:transparent;"><font
size="2"><span></span></font></div>
<div style="background-color:transparent;"><font
size="2"><br>
</font></div>
<div style="background-color: transparent; font-size:
13px; font-family: arial, helvetica, sans-serif;
font-style: normal;"><font size="2">iptables -t
mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129</font></div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 10pt;"><br>
</div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 13px; background-color: transparent;
font-style: normal;"><span><br>
</span></div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 13px; background-color: transparent;
font-style: normal;"><span><br>
</span></div>
<div style="background-color:transparent;"><span
style="font-family: arial, helvetica, sans-serif;
font-size: 13px; font-style: normal;">What is "-m
socket" used for? The man page of iptables says that
"-m socket" </span><span
style="background-color:transparent;"><font
size="2">matches if an open socket can be found
by doing a socket lookup on </font></span><span
style="font-size:13px;background-color:transparent;">the packet. I think
the following rule is intended for reply packets
coming from web servers to squid (with the spoofed
IP address), am I right? If not, please correct
me:</span></div>
<div style="background-color: transparent; font-size:
13px; font-family: arial, helvetica, sans-serif;
font-style: normal;"><span
style="font-size:13px;background-color:transparent;">iptables
-t mangle -A PREROUTING -p tcp -m socket -j
DIVERT<br>
</span></div>
<div style="background-color: transparent; font-size:
13px; font-family: arial, helvetica, sans-serif;
font-style: normal;"><span
style="font-size:13px;background-color:transparent;"><br>
</span></div>
<div style="background-color: transparent; font-size:
13px; font-family: arial, helvetica, sans-serif;
font-style: normal;"><span
style="font-size:13px;background-color:transparent;">Best
regards,</span></div>
<div style="background-color: transparent; font-size:
13px; font-family: arial, helvetica, sans-serif;
font-style: normal;"><span style="font-size:13px;
background-color:transparent;">Firas</span></div>
<div><br>
</div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 10pt;"><br>
</div>
<div style="font-family: arial, helvetica, sans-serif;
font-size: 10pt;">
<div style="font-family: 'times new roman', 'new
york', times, serif; font-size: 12pt;">
<div dir="ltr">
<hr size="1"> <font face="Arial" size="2"> <b><span
style="font-weight:bold;">From:</span></b>
Eliezer Croitoru <a class="moz-txt-link-rfc2396E" href="mailto:eliezer@ngtech.co.il">&lt;eliezer@ngtech.co.il&gt;</a><br>
<b><span style="font-weight:bold;">To:</span></b>
<a class="moz-txt-link-abbreviated" href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</a> <br>
<b><span style="font-weight:bold;">Sent:</span></b>
Monday, July 1, 2013 11:00 PM<br>
<b><span style="font-weight:bold;">Subject:</span></b>
Re: [tproxy] Squid with TProxy Support<br>
</font> </div>
<div><br>
Centos comes with TPROXY so you don't need to
recompile or do anything <br>
more than use the bundled kernel from CentOS.<br>
Take a small peek at this tutorial:<br>
<a moz-do-not-send="true" rel="nofollow"
target="_blank"
href="http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2">http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2</a><br>
The tutorial has all the working examples that
are needed for tproxy <br>
with squid.<br>
<br>
If you need more help, you can try
squid-users.<br>
<br>
Eliezer<br>
<br>
On 07/01/2013 09:37 PM, Firas Rasmy wrote:<br>
> Hello there!<br>
><br>
> I'm trying to install squid with TPROXY
support. I'm using a Centos 6.4<br>
> (64-bit) with kernel version
2.6.32-358.el6.x86_64 and iptables version<br>
> 4.1.7<br>
><br>
> I've followed the instructions in<br>
> <a moz-do-not-send="true" rel="nofollow"
target="_blank"
href="http://wiki.squid-cache.org/Features/Tproxy4">http://wiki.squid-cache.org/Features/Tproxy4
</a>but unfortunately<br>
> connecting to any website from a client
with the Chrome browser fails with<br>
> this error:<br>
> Error 324 (net::ERR_EMPTY_RESPONSE): The
server closed the connection<br>
> without sending any data.<br>
><br>
> When trying to telnet squid on port 80, I
get a connection but the<br>
> connection is closed once I hit any key! I
think packets are being<br>
> redirected to squid successfully because if
I stop squid, there would be<br>
> no connections at all. Do you have any idea
of what might be the reason?<br>
><br>
> Another question, I have checked that my
current kernel was already<br>
> built with those options:<br>
> NF_CONNTRACK=m<br>
> NETFILTER_TPROXY=m<br>
> NETFILTER_XT_MATCH_SOCKET=m<br>
> NETFILTER_XT_TARGET_TPROXY=m<br>
><br>
> Do I still have to recompile it with
patches from<br>
> <a moz-do-not-send="true" rel="nofollow"
target="_blank"
href="http://www.balabit.com/downloads/files/tproxy/?">http://www.balabit.com/downloads/files/tproxy/?</a><br>
> There are no patches available for this
current version. What about<br>
> iptables? Do I need to patch it?<br>
><br>
> My last question is: the TPROXY target in the
mangle table is not supposed<br>
> to change anything in the packet header, so how
would the packets with the TPROXY<br>
> target be redirected to --on-port if
the IP header is untouched?!<br>
><br>
> Thanks a lot for your help!<br>
><br>
> Best regards,<br>
> Firas<br>
><br>
><br>
>
_______________________________________________<br>
> tproxy mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</a><br>
> <a moz-do-not-send="true" rel="nofollow"
target="_blank"
href="https://lists.balabit.hu/mailman/listinfo/tproxy">https://lists.balabit.hu/mailman/listinfo/tproxy</a><br>
><br>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
</blockquote>
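<div>The four mangle-table rules quoted in the thread only do their job together with two policy-routing entries (the "ip rule" and "ip route ... table" steps from the kernel's TPROXY documentation), and those entries are also what answer Firas's last question: the TPROXY target never rewrites the IP header, it sets the fwmark and assigns the packet to the socket bound on --on-port, and the fwmark route then delivers the packet to the local stack regardless of its destination address. The "-m socket" rule catches every later packet of a connection that already has a local socket, which covers the origin-server replies addressed to the spoofed client IP as well as the client's own follow-up segments. The script below is an added example written for this page; it is not code from the thread, the Squid wiki or the Squid project. It assumes Squid is listening with "http_port 3129 tproxy", that the proxy box is on the client path in both directions, and that fwmark 1 and routing table 100 are otherwise unused; all three values are constructed for the example.</div>

```shell
#!/bin/sh
# Added example for this thread (not from the list or the Squid project):
# the complete TPROXY set-up that the four mangle-table rules depend on.
# Assumptions, constructed for this example: Squid listens with
# "http_port 3129 tproxy", the proxy box is on the client path in both
# directions, and fwmark 1 / routing table 100 are otherwise unused.
# Commands are only printed unless APPLY=1 is set in the environment.

MARK=1
TABLE=100
TPROXY_PORT=3129

# Print the command, or execute it when APPLY=1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

tproxy_setup() {
    # Policy routing: a packet carrying the mark is delivered to the local
    # stack whatever its destination address. Together with the socket
    # assignment done by the TPROXY target, this is why the IP header can
    # stay untouched and the packet still ends up on the listener.
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"

    # DIVERT: "-m socket" matches a packet that already belongs to a local
    # socket (a TCP connection already handed to Squid, including the
    # replies the origin server sends back to the spoofed client address).
    # Those packets are marked and accepted, so they take the local route
    # instead of passing through the TPROXY target a second time.
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A DIVERT -j ACCEPT
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

    # Only the first packet of a new port-80 connection reaches this rule.
    # TPROXY sets the mark and assigns the packet to the socket bound on
    # the --on-port, without rewriting any header field.
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
        --tproxy-mark "$MARK/$MARK" --on-port "$TPROXY_PORT"
}

# Remove exactly the rules added above, in reverse order, leaving any
# other mangle rules and routing entries alone.
tproxy_teardown() {
    run iptables -t mangle -D PREROUTING -p tcp --dport 80 -j TPROXY \
        --tproxy-mark "$MARK/$MARK" --on-port "$TPROXY_PORT"
    run iptables -t mangle -D PREROUTING -p tcp -m socket -j DIVERT
    run iptables -t mangle -F DIVERT
    run iptables -t mangle -X DIVERT
    run ip route del local 0.0.0.0/0 dev lo table "$TABLE"
    run ip rule del fwmark "$MARK" lookup "$TABLE"
}

case "${1:-setup}" in
    setup)    tproxy_setup ;;
    teardown) tproxy_teardown ;;
    *) echo "usage: $0 [setup|teardown]" >&2; exit 2 ;;
esac
```

<div>Run it without arguments to review the commands it would issue, then with APPLY=1 as root to apply them; "teardown" deletes only the specific rules the script added rather than flushing PREROUTING, so unrelated mangle rules survive. The ordering matters: the "-m socket" DIVERT rule must sit before the TPROXY rule in PREROUTING, otherwise established connections would be pushed through the TPROXY target again on every packet.</div>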
<br>
</body>
</html>