<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hey,<br>
      <br>
      Indeed, as you were thinking.<br>
      The socket match matches a socket on the machine, which means it's not
      an inbound connection.<br>
      The rules are:<br>
      if the connection is local, divert it to local routing as a socket,
      and otherwise redirect it into the squid tproxy port.<br>
      <br>
      Eliezer<br>
      <br>
      On 07/03/2013 01:07 AM, Firas Rasmy wrote:<br>
    </div>
    <blockquote
      cite="mid:1372802839.47784.YahooMailNeo@web120401.mail.ne1.yahoo.com"
      type="cite">
      <div style="color:#000; background-color:#fff; font-family:arial,
        helvetica, sans-serif;font-size:10pt">
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 10pt;"><span>Thanks a lot for your reply, Eliezer!</span></div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 13px; color: rgb(0, 0, 0); background-color:
          transparent; font-style: normal;"><span><br>
          </span></div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 13px; color: rgb(0, 0, 0); background-color:
          transparent; font-style: normal;"><span>I have another
            question here regarding the following iptables rules, which
            are needed to get TPROXY to work:</span></div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 13px; color: rgb(0, 0, 0); background-color:
          transparent; font-style: normal;"><span><br>
          </span></div>
        <div style="background-color: transparent;"><font size="2">iptables
            -t mangle -N DIVERT</font></div>
        <div style="background-color: transparent;"><font size="2">iptables
            -t mangle -A DIVERT -j MARK --set-mark 1</font></div>
        <div style="background-color: transparent;"><font size="2">iptables
            -t mangle -A DIVERT -j ACCEPT</font></div>
        <div style="background-color: transparent;"><span
            style="font-size: 13px; background-color: transparent;">iptables
            -t mangle -A PREROUTING -p tcp -m socket -j DIVERT</span><br>
        </div>
        <div style="background-color: transparent;"><font size="2"><span></span></font></div>
        <div style="background-color: transparent;"><font size="2"><br>
          </font></div>
        <div style="background-color: transparent; color: rgb(0, 0, 0);
          font-size: 13px; font-family: arial, helvetica, sans-serif;
          font-style: normal;"><font size="2">iptables -t mangle -A
            PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1
            --on-port 3129</font></div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 10pt;"><br>
        </div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 13px; color: rgb(0, 0, 0); background-color:
          transparent; font-style: normal;"><span><br>
          </span></div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 13px; color: rgb(0, 0, 0); background-color:
          transparent; font-style: normal;"><span><br>
          </span></div>
        <div style="background-color: transparent;"><span style="color:
            rgb(0, 0, 0); font-family: arial, helvetica, sans-serif;
            font-size: 13px; font-style: normal;">What is "-m socket"
            used for? The man page of iptables says that "-m socket" </span><span
            style="background-color: transparent;"><font size="2">matches
              if an open socket can be found by doing a socket lookup
              on </font></span><span style="font-size: 13px;
            background-color: transparent;">the packet. I think the
            following rule is intended for reply packets coming from web
            servers to squid (with the spoofed IP address), am I right?
            If not, please correct me:</span></div>
        <div style="background-color: transparent; color: rgb(0, 0, 0);
          font-size: 13px; font-family: arial, helvetica, sans-serif;
          font-style: normal;"><span style="font-size: 13px;
            background-color: transparent;">iptables -t mangle -A
            PREROUTING -p tcp -m socket -j DIVERT<br>
          </span></div>
        <div style="background-color: transparent; color: rgb(0, 0, 0);
          font-size: 13px; font-family: arial, helvetica, sans-serif;
          font-style: normal;"><span style="font-size: 13px;
            background-color: transparent;"><br>
          </span></div>
        <div style="background-color: transparent; color: rgb(0, 0, 0);
          font-size: 13px; font-family: arial, helvetica, sans-serif;
          font-style: normal;"><span style="font-size: 13px;
            background-color: transparent;">Best regards,</span></div>
        <div style="background-color: transparent; color: rgb(0, 0, 0);
          font-size: 13px; font-family: arial, helvetica, sans-serif;
          font-style: normal;"><span style="font-size: 13px;
            background-color: transparent;">Firas</span></div>
        <div><br>
        </div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 10pt;"><br>
        </div>
        <div style="font-family: arial, helvetica, sans-serif;
          font-size: 10pt;">
          <div style="font-family: 'times new roman', 'new york', times,
            serif; font-size: 12pt;">
            <div dir="ltr">
              <hr size="1"> <font face="Arial" size="2"> <b><span
                    style="font-weight:bold;">From:</span></b> Eliezer
                Croitoru <a class="moz-txt-link-rfc2396E" href="mailto:eliezer@ngtech.co.il">&lt;eliezer@ngtech.co.il&gt;</a><br>
                <b><span style="font-weight: bold;">To:</span></b>
                <a class="moz-txt-link-abbreviated" href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</a> <br>
                <b><span style="font-weight: bold;">Sent:</span></b>
                Monday, July 1, 2013 11:00 PM<br>
                <b><span style="font-weight: bold;">Subject:</span></b>
                Re: [tproxy] Squid with TProxy Support<br>
              </font> </div>
            <div class="y_msg_container"><br>
              CentOS comes with TPROXY, so you don't need to recompile or
              do anything <br>
              more than use the bundled kernel from CentOS.<br>
              Take a small peek at this tutorial:<br>
              <a moz-do-not-send="true"
                href="http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2"
                target="_blank">http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2</a><br>
              The tutorial has all the working examples that are needed
              for tproxy <br>
              with squid.<br>
              <br>
              If you will need more help you can try squid-users.<br>
              <br>
              Eliezer<br>
              <br>
              On 07/01/2013 09:37 PM, Firas Rasmy wrote:<br>
              &gt; Hello there!<br>
              &gt;<br>
              &gt; I'm trying to install squid with TPROXY support. I'm
              using a CentOS 6.4<br>
              &gt; (64-bit) with kernel version 2.6.32-358.el6.x86_64
              and iptables version<br>
              &gt; 4.1.7<br>
              &gt;<br>
              &gt; I've followed the instructions in<br>
              &gt; <a moz-do-not-send="true"
                href="http://wiki.squid-cache.org/Features/Tproxy4"
                target="_blank">http://wiki.squid-cache.org/Features/Tproxy4
              </a>but unfortunately<br>
              &gt; connecting to any website from a client with Chrome
              browser fails with<br>
              &gt; this error:<br>
              &gt; Error 324 (net::ERR_EMPTY_RESPONSE): The server
              closed the connection<br>
              &gt; without sending any data.<br>
              &gt;<br>
              &gt; When trying to telnet squid on port 80, I get a
              connection but the<br>
              &gt; connection is closed once I hit any key! I think
              packets are being<br>
              &gt; redirected to squid successfully because if I stop
              squid, there would be<br>
              &gt; no connections at all. Do you have any idea of what
              might be the reason?<br>
              &gt;<br>
              &gt; Another question, I have checked that my current
              kernel was already<br>
              &gt; built with those options:<br>
              &gt; NF_CONNTRACK=m<br>
              &gt; NETFILTER_TPROXY=m<br>
              &gt; NETFILTER_XT_MATCH_SOCKET=m<br>
              &gt; NETFILTER_XT_TARGET_TPROXY=m<br>
              &gt;<br>
              &gt; Do I still have to recompile it with patches from<br>
              &gt; <a class="moz-txt-link-freetext" href="http://www.balabit.com/downloads/files/tproxy/">http://www.balabit.com/downloads/files/tproxy/</a>?<br>
              &gt; There are no patches available for this current
              version. What about<br>
              &gt; iptables? Do I need to patch it?<br>
              &gt;<br>
              &gt; My last question is: the TPROXY target in the mangle
              table is not supposed<br>
              &gt; to change anything in the packet header, so how would
              the packets with the TPROXY<br>
              &gt; target be redirected to --on-port if the IP
              header is untouched?!<br>
              &gt;<br>
              &gt; Thanks a lot for your help!<br>
              &gt;<br>
              &gt; Best regards,<br>
              &gt; Firas<br>
              &gt;<br>
              &gt;<br>
              &gt; _______________________________________________<br>
              &gt; tproxy mailing list<br>
              &gt; <a moz-do-not-send="true"
                ymailto="mailto:tproxy@lists.balabit.hu"
                href="mailto:tproxy@lists.balabit.hu">tproxy@lists.balabit.hu</a><br>
              &gt; <a moz-do-not-send="true"
                href="https://lists.balabit.hu/mailman/listinfo/tproxy"
                target="_blank">https://lists.balabit.hu/mailman/listinfo/tproxy</a><br>
              &gt;<br>
              <br>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
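    <div class="moz-cite-prefix">The rule fragments quoted in the thread only
      make sense together with the policy route that the Squid wiki pages
      linked above rely on, so here is the complete set as an added example,
      written as a dry-run script. This is not code from the thread or from
      the Squid project as a whole, although it contains the mangle rules
      quoted above. It answers both questions in the thread in working form:
      the "-m socket" rule marks packets that already belong to a socket on
      this box (the web server's replies addressed to the spoofed client IP,
      and later segments of client connections squid has accepted) so that
      the fwmark route delivers them locally instead of forwarding them, and
      the TPROXY target never rewrites the IP header: it attaches the packet
      to squid's transparent listening socket and sets the mark, and the
      same route keeps the packet on the box, which is how it lands on
      --on-port. Assumptions not stated on the page: fwmark 1 and routing
      table 100 (the thread only fixes port 3129); the module check reads the
      two procfs lists that xt_socket and xt_TPROXY register in.<br>
    </div>

```shell
#!/bin/sh
# Added example (not code from the thread or from the Squid project): the full
# TPROXY rule set that the quoted fragments belong to, as a dry-run script.
# Assumptions (only 3129 appears in the thread): squid's tproxy port is 3129,
# the fwmark is 1 and the policy-routing table is 100.
TPROXY_PORT="${TPROXY_PORT:-3129}"
FWMARK="${FWMARK:-1}"
RT_TABLE="${RT_TABLE:-100}"

# tproxy_rules RUNNER: emits the commands in the order they must be applied.
# RUNNER is prefixed to every command, so "echo" (the default) prints them
# and "" executes them (run as root in that case).
tproxy_rules() {
    run="${1-echo}"

    # Policy routing: anything carrying the mark is delivered to the local
    # stack instead of being forwarded.  This, not a header rewrite, is what
    # lands a TPROXY'd packet on --on-port: the IP header stays intact, the
    # TPROXY target attaches the packet to squid's transparent listening
    # socket and sets the mark, and this route keeps the packet on the box.
    $run ip rule add fwmark "$FWMARK" lookup "$RT_TABLE"
    $run ip route add local 0.0.0.0/0 dev lo table "$RT_TABLE"

    # DIVERT: set the mark and stop further mangle processing.
    $run iptables -t mangle -N DIVERT
    $run iptables -t mangle -A DIVERT -j MARK --set-mark "$FWMARK"
    $run iptables -t mangle -A DIVERT -j ACCEPT

    # Packets that already belong to a socket on this box (the web server's
    # replies addressed to the spoofed client IP, and later segments of
    # client connections squid has accepted) are marked so the route above
    # delivers them locally.  This rule goes before the TPROXY rule.
    $run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

    # New client connections to port 80 are handed to squid's tproxy port.
    $run iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
        --tproxy-mark "$FWMARK/$FWMARK" --on-port "$TPROXY_PORT"
}

# tproxy_kernel_support: the "do I need to recompile?" question from the
# thread, answered on the running kernel.  Once xt_socket and xt_TPROXY are
# loaded (modprobe them first if needed) they are listed in these two files.
tproxy_kernel_support() {
    grep -qsx socket /proc/net/ip_tables_matches &&
        grep -qsx TPROXY /proc/net/ip_tables_targets
}

# Dry run by default; "--apply" (as root) installs the rules for real.
case "${1-}" in
    --apply) tproxy_rules "" ;;
    *)       tproxy_rules echo ;;
esac
```

    <div class="moz-cite-prefix">Run it without arguments to see the exact
      command sequence, and with --apply as root to install it; squid still
      needs its tproxy listener on the same port (http_port 3129 tproxy) and
      the box must be routing the clients' traffic for any of this to
      matter.<br>
    </div>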
    <br>
  </body>
</html>