ICMP tcp port 80 unreachable [tos 0xc0] with Squid

[Henrique Pantarotto]

Linux friends,

I'm trying to setup a transparent proxy with Cisco and Linux/Squid.  For
the Linux server, I'm using Red Hat 6.0 with kernel 2.2.8.

I posted this message at the Squid mailing-list, but they told me this
should really be a Linux Networking issue, and not a Squid problem.

At my CISCO router, I use "ip policy route-map" to forward all web queries
to my Linux/Squid box.

At the Linux box, I forward all web queries to port 3128, where Squid is
installed.  This is done with ipchains this way:

ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REDIRECT 3128


But when I issue:

tcpdump -n -i eth0 src or dst 200.231.199.10 and proto ICMP

I get lots of lines like this:

17:29:16.470567 200.231.199.10 > 200.231.199.94: icmp: 200.239.234.31 tcp
port 80 unreachable [tos 0xc0]
17:29:16.474561 200.231.199.10 > 200.246.104.30: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:16.479707 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.483313 200.231.199.10 > 200.231.199.193: icmp: 200.211.190.120 tcp
port 80 unreachable [tos 0xc0]
17:29:16.509855 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.557626 200.231.199.10 > 200.231.199.94: icmp: 200.244.143.130 tcp
port 80 unreachable [tos 0xc0]
17:29:16.652598 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.669340 200.231.199.10 > 200.231.199.94: icmp: 200.239.234.31 tcp
port 80 unreachable [tos 0xc0]
17:29:16.682216 200.231.199.10 > 200.231.199.193: icmp: 200.246.5.92 tcp
port 80 unreachable [tos 0xc0]
17:29:16.701558 200.231.199.10 > 200.231.184.154: icmp: 200.236.96.3 tcp
port 80 unreachable [tos 0xc0]
17:29:16.712711 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.872140 200.231.199.10 > 200.231.199.193: icmp: 200.246.5.65 tcp
port q80 unreachable [tos 0xc0]
17:29:16.897651 200.231.199.10 > 200.246.104.30: icmp: 209.216.198.28 tcp
port 80 unreachable [tos 0xc0]
17:29:16.907305 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.978527 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:17.058339 200.231.199.10 > 200.246.104.14: icmp: 129.187.254.93 tcp
port 80 unreachable [tos 0xc0]
17:29:17.062938 200.231.199.10 > 200.231.199.193: icmp: 206.132.173.34 tcp
port 80 unreachable [tos 0xc0]

200.231.199.10 is the Linux/Squid box.  200.246.104.0/24, 200.231.199.0/24
and 200.231.184.0/24 are my users.

My Linux kernel is compiled with the following options:
http://200.231.199.10:8080/kernel.txt

Does anyone knows what this could be?  Is it a problem with kernel 2.2.x?


Thanks!!

Henrique Pantarotto
Coord. T�cnico Operacional
CEPAnet Internet Provider
Web: http://www.cepa.com.br
Tel. suporte: +55 (011) 5506-8477
Sao Paulo - Brasil
Linux Friend
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]