[tproxy] TPROXY - Hotmail, Yahoo!, and Facebook not working

Pablo Armando paa.listas at gmail.com
Fri Feb 11 23:35:04 CET 2011


Hello,

    I am new to this list; I hope that I can ask the right questions.

I have configured TPROXY (with SQUID 3.1 and SQUID 2.7.STABLE9) and I can
_not_ browse Hotmail (I can log in, but nothing else), Yahoo and Facebook
AFAIK. I _can_ browse all other sites without problems, HTTPS sites
included.

I tried http://squidproxy.wordpress.com/2008/04/29/chunked-decoding/, but
the problem remains.

Adding these lines to the standard TPROXY firewall rules lets me get
partial Hotmail access, full access to Yahoo, and, sometimes, partial
Facebook access:

--------------
    iptables -A PREROUTING -t mangle -p tcp -d login.live.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -s login.live.com --dport 80 -j ACCEPT

    iptables -A PREROUTING -t mangle -p tcp -d mail.live.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -s mail.live.com --dport 80 -j ACCEPT

    iptables -A PREROUTING -t mangle -p tcp -d co117w.col117.mail.live.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -s co117w.col117.mail.live.com --dport 80 -j ACCEPT

    iptables -A PREROUTING -t mangle -p tcp -d l.yimg.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -s l.yimg.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -d l1.yimg.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -s l1.yimg.com --dport 80 -j ACCEPT

    iptables -A PREROUTING -t mangle -p tcp -d d.yimg.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -s d.yimg.com --dport 80 -j ACCEPT

    iptables -A PREROUTING -t mangle -p tcp -d www.facebook.com --dport 80 -j ACCEPT
    iptables -A PREROUTING -t mangle -p tcp -s www.facebook.com --dport 80 -j ACCEPT

--------------

The problem with this approach is that there are a lot of domains involved,
and a lot of IP ranges. It is not practical at all.

I really don’t know what the problem could be. If I use SQUID directly
(http_port 3128 and browser configuration) I can access all those sites
without any problem, but when socket interception is enabled, something
happens and those sites become unavailable.

What can be happening here? Have any of you seen these problems? How can I
resolve this situation?

Thanks in advance and sorry for my poor English.
Pablo.