No subject
Fri Feb 1 14:00:48 CET 2008
cttproxy. Am I correct in that assumption?
If I'm i have a question:
I have compiled my kernel (2.6.20) with this patch-set:
http://www.balabit.com/downloads/files/tproxy/obsolete/linux-2.6/cttproxy-2.6.20-2.0.6.tar.gz
And also IPTables 1.3.8 with the same patch-set
After that I have compiled squid-2.6.STABLE18 --enable-linux-tproxy after
copy'ing one or two .h-files to the right directory.
My squid.conf can be seen in the bottom of this email.
The bridge is working, traffic is flowing as it should, and the traffic is
redirected nicely after running this command:
/usr/local/sbin/iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80
-j TPROXY --on-port 3128
But now it is the IP of the proxy that gets into the logs of the
webservers.
Have I missed something or might there be
/Brian
access_log /var/log/squid/access.log squid
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin \?
acl SSL_ports port 443
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 21 # ftp
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 70 # gopher
acl Safe_ports port 777 # multiling http
acl Safe_ports port 80 # http
acl all src 0.0.0.0/0.0.0.0
acl apache rep_header Server ^Apache
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl our_networks src 192.168.0.0/16 10.0.0.0/8
acl to_localhost dst 127.0.0.0/8
broken_vary_encoding allow apache
cache deny QUERY
cache_dir null /null
cache_log /var/log/squid/cache.log
cache_mem 256 MB
cache_store_log none
coredump_dir /var/log/squid/cache
dns_nameservers 10.30.17.73 10.30.17.71
forwarded_for off
hierarchy_stoplist cgi-bin ?
http_access allow manager localhost
http_access allow our_networks
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_access deny manager
http_port 3128 transparent tproxy
icp_access allow all
logfile_rotate 10
refresh_pattern . 0 20% 4320
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
tcp_outgoing_address 10.30.17.45
url_rewrite_children 30
url_rewrite_program /usr/bin/squidGuard
via off
--=_alternative 0062BD8BC12573EF_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Hello there</font>
<br>
<br><font size=2 face="sans-serif">I'm in the process of setting up a filtering
bridge for my work. I want to use Squid via url_redirect-option to do the
filtering. I want to se the source ip of the clients on the webservers
because of som logging isues and because the clients come from different
subnets and stuff like that I cant do anything against. </font>
<br>
<br><font size=2 face="sans-serif">I'm a little confused when it comes
to the versions of tproxy / cttproxy that I should use.</font>
<br><font size=2 face="sans-serif">From what I can read squid doesn't support
tproxy4 so i have to use cttproxy. Am I correct in that assumption?</font>
<br>
<br><font size=2 face="sans-serif">If I'm i have a question:</font>
<br><font size=2 face="sans-serif">I have compiled my kernel (2.6.20) with
this patch-set: http://www.balabit.com/downloads/files/tproxy/obsolete/linux-2.6/cttproxy-2.6.20-2.0.6.tar.gz</font>
<br><font size=2 face="sans-serif">And also IPTables 1.3.8 with the same
patch-set</font>
<br>
<br><font size=2 face="sans-serif">After that I have compiled squid-2.6.STABLE18
--enable-linux-tproxy after copy'ing one or two .h-files to the right
directory.</font>
<br><font size=2 face="sans-serif">My squid.conf can be seen in the bottom
of this email.</font>
<br>
<br><font size=2 face="sans-serif">The bridge is working, traffic is flowing
as it should, and the traffic is redirected nicely after running this command:</font>
<br><font size=2 face="sans-serif">/usr/local/sbin/iptables -t tproxy -A
PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128</font>
<br>
<br><font size=2 face="sans-serif">But now it is the IP of the proxy that
gets into the logs of the webservers.</font>
<br>
<br><font size=2 face="sans-serif">Have I missed something or might there
be </font>
<br>
<br><font size=2 face="sans-serif">/Brian</font>
<br>
<br>
<br><font size=2 face="sans-serif">access_log /var/log/squid/access.log
squid</font>
<br><font size=2 face="sans-serif">acl CONNECT method CONNECT</font>
<br><font size=2 face="sans-serif">acl QUERY urlpath_regex cgi-bin \?</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 443</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 1025-65535 #
unregistered ports</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 21
# ftp</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 210
# wais</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 280
# http-mgmt</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 443
# https</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 488
# gss-http</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 591
# filemaker</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 70
# gopher</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 777
# multiling http</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 80
# http</font>
<br><font size=2 face="sans-serif">acl all src 0.0.0.0/0.0.0.0</font>
<br><font size=2 face="sans-serif">acl apache rep_header Server ^Apache</font>
<br><font size=2 face="sans-serif">acl localhost src 127.0.0.1/255.255.255.255</font>
<br><font size=2 face="sans-serif">acl manager proto cache_object</font>
<br><font size=2 face="sans-serif">acl our_networks src 192.168.0.0/16
10.0.0.0/8</font>
<br><font size=2 face="sans-serif">acl to_localhost dst 127.0.0.0/8</font>
<br><font size=2 face="sans-serif">broken_vary_encoding allow apache</font>
<br><font size=2 face="sans-serif">cache deny QUERY</font>
<br><font size=2 face="sans-serif">cache_dir null /null</font>
<br><font size=2 face="sans-serif">cache_log /var/log/squid/cache.log</font>
<br><font size=2 face="sans-serif">cache_mem 256 MB</font>
<br><font size=2 face="sans-serif">cache_store_log none</font>
<br><font size=2 face="sans-serif">coredump_dir /var/log/squid/cache</font>
<br><font size=2 face="sans-serif">dns_nameservers 10.30.17.73 10.30.17.71</font>
<br><font size=2 face="sans-serif">forwarded_for off</font>
<br><font size=2 face="sans-serif">hierarchy_stoplist cgi-bin ?</font>
<br><font size=2 face="sans-serif">http_access allow manager localhost</font>
<br><font size=2 face="sans-serif">http_access allow our_networks</font>
<br><font size=2 face="sans-serif">http_access deny !Safe_ports</font>
<br><font size=2 face="sans-serif">http_access deny CONNECT !SSL_ports</font>
<br><font size=2 face="sans-serif">http_access deny all</font>
<br><font size=2 face="sans-serif">http_access deny manager</font>
<br><font size=2 face="sans-serif">http_port 3128 transparent tproxy</font>
<br><font size=2 face="sans-serif">icp_access allow all</font>
<br><font size=2 face="sans-serif">logfile_rotate 10</font>
<br><font size=2 face="sans-serif">refresh_pattern .
0 20% 4320</font>
<br><font size=2 face="sans-serif">refresh_pattern ^ftp:
1440 20% 10080</font>
<br><font size=2 face="sans-serif">refresh_pattern ^gopher:
1440 0% 1440</font>
<br><font size=2 face="sans-serif">tcp_outgoing_address 10.30.17.45</font>
<br><font size=2 face="sans-serif">url_rewrite_children 30</font>
<br><font size=2 face="sans-serif">url_rewrite_program /usr/bin/squidGuard</font>
<br><font size=2 face="sans-serif">via off</font>
--=_alternative 0062BD8BC12573EF_=--
More information about the tproxy
mailing list