[tproxy] TPROXY 4
Farhad Ibragimov
inara.ibragimova at gmail.com
Mon Aug 31 11:33:40 CEST 2009
I am having some trouble redirecting port 80 traffic to 3129 using
tproxy for transparent proxying.
The client's SYN arrives and the proxy answers it, but the spoofed outbound connection that Squid opens toward the origin server (source 85.132.32.40:42747 -> 194.87.0.50:80 in the capture below) keeps retransmitting its SYN and never receives a SYN-ACK.
Please help me !!!!!
My server has only a single interface, with global (public) IP addresses, which connects directly to the Internet. (Note: with a single interface and no separate client-side path, the origin server's replies to Squid's spoofed connections are presumably routed straight to the real client rather than back through this host — this would match the capture below, where the spoofed SYNs get no answer.)
> Detailed information from my server
> #######################################################################
> ###############
> Squid Cache: Version 3.1.0.13
> configure options: '--enable-linux-netfilter' '--prefix=/squid/'
> --with-squid=/src/squid-3.1.0.13 --enable-ltdl-convenience
> [root at proxymain sysconfig]# cat /squid/etc/squid.conf
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl test src 85.132.47.0/24
> acl test2 src 85.132.32.0/24
> acl test3 src 62.212.227.0/24
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 3129
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access allow localhost
> http_access allow test
> http_access allow test2
> http_access allow test3
> http_access deny all
> http_port 3128
> http_port 3129 tproxy
> hierarchy_stoplist cgi-bin ?
> coredump_dir /squid/var/cache
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> cache_effective_user squid
> cache_effective_group squid
> visible_hostname proxymain
> cache_dir ufs /cache 6000 16 256
> ######################################################################
> [root at proxymain sysconfig]# iptables -V (DOWNLOADED FROM
> NETFILTER.ORG - NOT PATCHED)
> iptables v1.4.3
> #######################################################################
> [root at proxymain sysconfig]# uname -a (DOWNLOADED FROM KERNEL.ORG -
> WITHOUT ANY PATCHES FROM BALABIT)
> Linux 2.6.30.5-second #1 SMP Sun Aug 30 22:45:27 AZST 2009 x86_64 x86_64 x86_64 GNU/Linux
> #######################################################################
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> DIVERT tcp -- anywhere anywhere socket
> TPROXY tcp -- anywhere anywhere tcp
> dpt:80 TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
> Chain DIVERT (1 references)
> target prot opt source destination
> MARK all -- anywhere anywhere MARK xset 0x1/0xffffffff
> ACCEPT all -- anywhere anywhere
> #######################################################################
> [root at proxymain sysconfig]# ip rule ls
> 0: from all lookup 255
> 32765: from all fwmark 0x1 lookup 100
> 32766: from all lookup main
> 32767: from all lookup default
> #####################################################################
> [root at proxymain sysconfig]# ip route ls table 100
> local default dev lo scope host
> #####################################################################
> [root at proxymain sysconfig]# lsmod | egrep "xt|nf"
> nf_nat 18924 1 iptable_nat
> nf_conntrack_ipv4 14448 3 iptable_nat,nf_nat
> xt_TPROXY 2616 1
> xt_tcpudp 3544 1
> xt_MARK 3064 1
> xt_socket 2904 1
> nf_tproxy_core 3160 2 xt_TPROXY,xt_socket,[permanent]
> nf_conntrack 68208 4
> iptable_nat,nf_nat,nf_conntrack_ipv4,xt_socket
> nf_defrag_ipv4 2456 3 nf_conntrack_ipv4,xt_TPROXY,xt_socket
> x_tables 22624 6
> iptable_nat,ip_tables,xt_TPROXY,xt_tcpudp,xt_MARK,xt_socket
> i2c_nforce2 7768 0
> i2c_core 25568 1 i2c_nforce2
> ext3 123528 2
> jbd 46848 1 ext3
>
> ######################################################################
> [root at proxymain sysconfig]# tcpdump -nn -i eth0 port 80
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 00:12:02.402611 IP 85.132.32.40.1532 > 85.132.32.34.80: S
> 3187993921:3187993921(0) win 65535 <mss 1460,nop,nop,sackOK>
> 00:12:02.403087 IP 85.132.32.34.80 > 85.132.32.40.1532: S
> 3741385741:3741385741(0) ack 3187993922 win 5840 <mss 1460,nop,nop,sackOK>
> 00:12:02.402697 IP 85.132.32.40.1532 > 85.132.32.34.80: . ack 1 win 65535
> 00:12:02.407937 IP 85.132.32.40.1532 > 85.132.32.34.80: P 1:413(412) ack 1 win 65535
> 00:12:02.407971 IP 85.132.32.34.80 > 85.132.32.40.1532: . ack 413 win 6432
> 00:12:02.408389 IP 85.132.32.40.42747 > 194.87.0.50.80: S
> 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4169685 0,nop,wscale 7>
> 00:12:05.407861 IP 85.132.32.40.42747 > 194.87.0.50.80: S
> 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4172685 0,nop,wscale 7>
> 00:12:11.407465 IP 85.132.32.40.42747 > 194.87.0.50.80: S
> 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4178685 0,nop,wscale 7>
> 00:12:23.406682 IP 85.132.32.40.42747 > 194.87.0.50.80: S
> 3750675832:3750675832(0) win 5840 <mss 1460,sackOK,timestamp 4190685 0,nop,wscale 7>
> #######################################################################
> ##
> 2009/08/30 23:31:56| Starting Squid Cache version 3.1.0.13 for x86_64-unknown-linux-gnu...
> 2009/08/30 23:31:56| Process ID 12787
> 2009/08/30 23:31:56| With 1024 file descriptors available
> 2009/08/30 23:31:56| Initializing IP Cache...
> 2009/08/30 23:31:56| DNS Socket created at 0.0.0.0, FD 7
> 2009/08/30 23:31:56| Adding domain caspel.com from /etc/resolv.conf
> 2009/08/30 23:31:56| Adding nameserver 85.132.32.41 from /etc/resolv.conf
> 2009/08/30 23:31:56| Adding nameserver 85.132.32.42 from /etc/resolv.conf
> 2009/08/30 23:31:56| Unlinkd pipe opened on FD 12
> 2009/08/30 23:31:56| Store logging disabled
> 2009/08/30 23:31:56| Swap maxSize 6144000 + 262144 KB, estimated 492780 objects
> 2009/08/30 23:31:56| Target number of buckets: 24639
> 2009/08/30 23:31:56| Using 32768 Store buckets
> 2009/08/30 23:31:56| Max Mem size: 262144 KB
> 2009/08/30 23:31:56| Max Swap size: 6144000 KB
> 2009/08/30 23:31:56| Version 1 of swap file without LFS support detected...
> 2009/08/30 23:31:56| Rebuilding storage in /cache (CLEAN)
> 2009/08/30 23:31:56| Using Least Load store dir selection
> 2009/08/30 23:31:56| Set Current Directory to /squid/var/cache
> 2009/08/30 23:31:56| Loaded Icons.
> 2009/08/30 23:31:56| Accepting HTTP connections at 0.0.0.0:3128, FD 15.
> 2009/08/30 23:31:56| Accepting spoofing HTTP connections at 0.0.0.0:3129, FD 16.
> 2009/08/30 23:31:56| HTCP Disabled.
> 2009/08/30 23:31:56| Squid modules loaded: 0
> 2009/08/30 23:31:56| Ready to serve requests.
> 2009/08/30 23:31:56| Done reading /cache swaplog (0 entries)
> 2009/08/30 23:31:56| Finished rebuilding storage from disk.
> 2009/08/30 23:31:56| 0 Entries scanned
> 2009/08/30 23:31:56| 0 Invalid entries.
> 2009/08/30 23:31:56| 0 With invalid flags.
> 2009/08/30 23:31:56| 0 Objects loaded.
> 2009/08/30 23:31:56| 0 Objects expired.
> 2009/08/30 23:31:56| 0 Objects cancelled.
> 2009/08/30 23:31:56| 0 Duplicate URLs purged.
> 2009/08/30 23:31:56| 0 Swapfile clashes avoided.
> 2009/08/30 23:31:56| Took 0.01 seconds ( 0.00 objects/sec).
> 2009/08/30 23:31:56| Beginning Validation Procedure
> 2009/08/30 23:31:56| Completed Validation Procedure
> 2009/08/30 23:31:56| Validated 25 Entries
> 2009/08/30 23:31:56| store_swap_size = 0
> 2009/08/30 23:31:57| storeLateRelease: released 0 objects
> [root at proxymain sysconfig]#
> 1251655621.226 155982 85.132.32.40 TCP_MISS/503 4143 GET
> http://www.squid-cache.org/Artwork/SN.png -
> DIRECT/www.squid-cache.org text/html
> 1251655621.226 107693 85.132.47.219 TCP_MISS/503 4151 GET
> http://www.squid-cache.org/Artwork/SN.png -
> DIRECT/www.squid-cache.org text/html
> 1251655621.230 0 85.132.32.40 TCP_MISS/503 4143 GET
> http://www.squid-cache.org/Artwork/SN.png -
> DIRECT/www.squid-cache.org text/html
> 1251655646.107 6457 85.132.47.219 TCP_MISS/000 0 GET
> http://www.google.az/ - DIRECT/www.google.az -
> 1251655658.226 60014 85.132.47.219 TCP_MISS/504 4510 POST
> http://safebrowsing.clients.google.com/safebrowsing/downloads? -
> DIRECT/safebrowsing.clients.google.com text/html
> 1251656346.912 21227 85.132.32.40 TCP_MISS/000 0 GET
> http://194.87.0.50/ - DIRECT/194.87.0.50 -
> 1251656526.724 179798 85.132.32.40 TCP_MISS/504 3977 GET
> http://www.ru/ - DIRECT/194.87.0.50 text/html
> 1251656586.724 59968 85.132.32.40 TCP_MISS/504 4069 GET
> http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
> 1251656867.544 88637 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
> 1251657043.812 176266 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
> 1251657101.539 60109 85.132.32.40 TCP_MISS/504 4018 GET
> http://www.ru/ - DIRECT/194.87.0.50 text/html
> 1251657207.136 64675 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
> 1251657387.522 180384 85.132.32.40 TCP_MISS/504 4018 GET
> http://www.ru/ - DIRECT/194.87.0.50 text/html
> 1251657567.525 179983 85.132.32.40 TCP_MISS/504 4069 GET
> http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
> 1251657569.936 9407 85.132.47.219 TCP_MISS/000 0 GET
> http://85.132.32.34/ - DIRECT/85.132.32.34 -
> 1251657725.527 180669 85.132.32.40 TCP_MISS/504 4018 GET
> http://www.ru/ - DIRECT/194.87.0.50 text/html
> 1251657905.534 179988 85.132.32.40 TCP_MISS/504 4069 GET
> http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
> 1251658194.669 112560 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
> 1251658283.066 88394 85.132.32.40 TCP_MISS/000 0 GET http://www.ru/ - DIRECT/www.ru -
> 1251658463.543 180476 85.132.32.40 TCP_MISS/504 4018 GET
> http://www.ru/ - DIRECT/194.87.0.50 text/html
> 1251658643.547 179986 85.132.32.40 TCP_MISS/504 4069 GET
> http://www.squid-cache.org/Artwork/SN.png - DIRECT/12.160.37.9 text/html
> 1251659072.554 60493 85.132.32.40 TCP_MISS/504 4473 POST
> http://safebrowsing.clients.google.com/safebrowsing/downloads? - DIRECT/74.125.87.100 text/html
> 1251659703.563 181155 85.132.32.40 TCP_MISS/504 4018 GET
> http://www.ru/ - DIRECT/194.87.0.50 text/html
--
Best regards,
Farhad mailto:inara.ibragimova at gmail.com