hi I have a problem, but first I describe the scenario I have clients with public IP Mikrotik router redirecting traffic to SQUID Squid 3.1 with support for TPROXY Iptables 1.4.4 with support for TPROXY Debian Lenny / Kernel 2.6.28 with support for TPROXY well. The proxy works as well, and when I made some test pages whatismyip, shows that the ip is the CLIENT. However. I can not get my clients with public IP address simultaneously downloading from RapidShare / Megaupload ETC. The error shown within these pages is the typical already are downloading from that ip, so if viewing RapidShare IP SQUID in reality and not the client. How fix this? the configuration file of squid in the harbor is well http_port 81 tproxy Iptables: iptables -t mangle -N DIVERT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 81 ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100 echo 1 > /proc/sys/net/ipv4/ip_forward Mikrotik: Have a rule in the firewall to redirect all traffic to port 80 of the SQUID to the IP, port 3128 All clients create sessions PPPOE in Router Mikrotik May help?
On Tue, 2009-08-04 at 19:53 -0300, Carlos Botejara wrote:
hi I have a problem, but first I describe the scenario I have clients with public IP Mikrotik router redirecting traffic to SQUID Squid 3.1 with support for TPROXY Iptables 1.4.4 with support for TPROXY Debian Lenny / Kernel 2.6.28 with support for TPROXY
well. The proxy works as well, and when I made some test pages whatismyip, shows that the ip is the CLIENT. However. I can not get my clients with public IP address simultaneously downloading from RapidShare / Megaupload ETC. The error shown within these pages is the typical already are downloading from that ip, so if viewing RapidShare IP SQUID in reality and not the client. How fix this?
the configuration file of squid in the harbor is well
http_port 81 tproxy
Iptables:
iptables -t mangle -N DIVERT iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT iptables -t mangle -A DIVERT -j MARK --set-mark 1 iptables -t mangle -A DIVERT -j ACCEPT iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 81
ip rule add fwmark 1 lookup 100 ip route add local 0.0.0.0/0 dev lo table 100
echo 1 > /proc/sys/net/ipv4/ip_forward
Mikrotik: Have a rule in the firewall to redirect all traffic to port 80 of the SQUID to the IP, port 3128
All clients create sessions PPPOE in Router Mikrotik
well, you should check whether the source IP address of the outgoing datagrams on the squid box is actually the client ip or not. -- Bazsi
participants (2)
-
Balazs Scheidler
-
Carlos Botejara