2013-01-16 10:56, Daniel Hartmeier wrote:
On Wed, Jan 16, 2013 at 10:19:45AM +0100, Leslie Jensen wrote:

The squid access.log says tcp_miss which should mean that the
website has not replied.

The browser shows the squid access denied screen.

I cannot see any denied packets with tcpdump.

Commenting out the rdr rule gives direct access but I would like to
get the use of squid back again.

I would appreciate further suggestions because at the moment I'm stuck!

Standard debugging procedure, then:

On the firewall, run the following

   fw# tcpdump -nvpi bge0 host 172.18.0.1
   fw# tcpdump -nvpi xl0 tcp port 80
   fw# tcpdump -nvvveeepi pflog0

Then initiate a single connection attempt from the proxy, like with

   proxy# nc -v www.openbsd.org 80

and watch the output of the tcpdumps.

What do you expect to see?

   1) TCP SYN from 172.18.0.1 to 129.128.5.194:80 on bge0
   2) TCP SYN from $ext_if to 129.128.5.194:80 on xl0
   3) TCP SYN+ACK from 129.128.5.194:80 to $ext_if on xl0
   4) TCP SYN+ACK from 129.128.5.194:80 to 172.18.0.1 on bge0
   5) nothing on pflog0 (except 'pass' messages)

What do you see instead?

If you see block messages on pflog0, re-post your current ruleset.

Daniel



Hello again.

I've now isolated the other machines from the network.

Please see results of the tests below.



With tcpdump -nvpi bge0 host 172.18.0.1 and nc -v www.openbsd.org 80 I get

Connection to www.openbsd.org 80 port [tcp/http] succeeded

Nothing shows with tcpdump



With tcpdump -nvpi xl0 tcp port 80
tcpdump: listening on xl0, link-type EN10MB (Ethernet), capture size 96 bytes
19:28:09.968833 IP (tos 0x0, ttl 64, id 31116, offset 0, flags [DF], proto TCP (6), length 60)
    194.237.176.105.43068 > 129.128.5.194.80: Flags [S], cksum 0xac3b (correct), seq 3947358905, win 65535, options [mss 1460,nop,wscale 3,sackOK,TS val 45752295 ecr 0], length 0
19:28:10.118644 IP (tos 0x0, ttl 49, id 16050, offset 0, flags [DF], proto TCP (6), length 64)
    129.128.5.194.80 > 194.237.176.105.43068: Flags [S.], cksum 0x48b0 (correct), seq 3954007035, ack 3947358906, win 16384, options [mss 1460,nop,nop,sackOK,nop,wscale 3,nop,nop,TS val 2145602023 ecr 45752295], length 0
19:28:10.118688 IP (tos 0x0, ttl 64, id 31117, offset 0, flags [DF], proto TCP (6), length 52)
    194.237.176.105.43068 > 129.128.5.194.80: Flags [.], cksum 0xa862 (correct), ack 1, win 8326, options [nop,nop,TS val 45752445 ecr 2145602023], length 0
19:28:42.537896 IP (tos 0x0, ttl 49, id 24173, offset 0, flags [DF], proto TCP (6), length 52)
    129.128.5.194.80 > 194.237.176.105.43068: Flags [F.], cksum 0xc02a (correct), seq 1, ack 1, win 2172, options [nop,nop,TS val 2145602088 ecr 45752445], length 0
19:28:42.537963 IP (tos 0x0, ttl 64, id 31125, offset 0, flags [DF], proto TCP (6), length 52)
    194.237.176.105.43068 > 129.128.5.194.80: Flags [.], cksum 0x297d (correct), ack 2, win 8326, options [nop,nop,TS val 45784864 ecr 2145602088], length 0
19:28:42.537999 IP (tos 0x0, ttl 64, id 31126, offset 0, flags [DF], proto TCP (6), length 52)
    194.237.176.105.43068 > 129.128.5.194.80: Flags [F.], cksum 0x297c (correct), seq 1, ack 2, win 8326, options [nop,nop,TS val 45784864 ecr 2145602088], length 0
19:28:42.689844 IP (tos 0x0, ttl 49, id 32623, offset 0, flags [DF], proto TCP (6), length 52)
    129.128.5.194.80 > 194.237.176.105.43068: Flags [.], cksum 0x4185 (correct), ack 2, win 2172, options [nop,nop,TS val 2145602089 ecr 45784864], length 0


And

Connection to www.openbsd.org 80 port [tcp/http] succeeded



With tcpdump -nvvveeepi pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
19:31:46.009901 rule 6/0(match): pass out on xl0: (tos 0x0, ttl 64, id 31360, offset 0, flags [none], proto UDP (17), length 72)
    194.237.176.105.50724 > 195.67.199.39.53: [|domain]
19:31:46.018267 rule 6/0(match): pass out on xl0: (tos 0x0, ttl 64, id 31362, offset 0, flags [DF], proto TCP (6), length 60)
    194.237.176.105.13765 > 129.128.5.194.80: [|tcp]
19:32:12.285752 rule 18/0(match): pass in on bge0: (tos 0x0, ttl 64, id 705, offset 0, flags [none], proto UDP (17), length 76)


And

Connection to www.openbsd.org 80 port [tcp/http] succeeded




I see that rules #6 and #18 match, but where can I see if the packet has been redirected to port 8080 and that it has been intercepted by squid?

Thanks

/Leslie
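
The fifth check in the debugging procedure above (nothing on pflog0 except 'pass' messages) can be run mechanically over saved pflog0 output. The Python script below is an added example, not part of the original thread: the function names are hypothetical, the first three sample entries are the pflog0 lines quoted in the post, and the last entry (rule 3, a block) is constructed to show what a failure looks like.

```python
import re
from collections import Counter

# Header line printed by tcpdump on pflog0: time, rule number, action, direction, interface.
HEADER = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) rule (?P<rule>\d+)/\d+\([^)]*\): "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifname>[^:\s]+):"
)
# Indented continuation line: "src.port > dst.port: ..."
FLOW = re.compile(r"^\s+(?P<src>\S+) > (?P<dst>[^\s:]+):")

# First three entries are the pflog0 lines from the post; the last one is constructed.
SAMPLE = """\
19:31:46.009901 rule 6/0(match): pass out on xl0: (tos 0x0, ttl 64, id 31360, offset 0, flags [none], proto UDP (17), length 72)
    194.237.176.105.50724 > 195.67.199.39.53: [|domain]
19:31:46.018267 rule 6/0(match): pass out on xl0: (tos 0x0, ttl 64, id 31362, offset 0, flags [DF], proto TCP (6), length 60)
    194.237.176.105.13765 > 129.128.5.194.80: [|tcp]
19:32:12.285752 rule 18/0(match): pass in on bge0: (tos 0x0, ttl 64, id 705, offset 0, flags [none], proto UDP (17), length 76)
19:33:05.000001 rule 3/0(match): block in on bge0: (tos 0x0, ttl 64, id 706, offset 0, flags [DF], proto TCP (6), length 60)
    172.18.0.1.40000 > 129.128.5.194.80: [|tcp]
"""

def parse_pflog(text):
    """Return one dict per logged packet; src/dst stay None if the flow line is missing."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entry = m.groupdict()
            entry.update(rule=int(entry["rule"]), src=None, dst=None)
            entries.append(entry)
            continue
        m = FLOW.match(line)
        if m and entries and entries[-1]["src"] is None:
            entries[-1].update(m.groupdict())
    return entries

def summarize(entries):
    """Count packets per (rule, action, direction, interface) and collect block entries."""
    per_rule = Counter((e["rule"], e["action"], e["dir"], e["ifname"]) for e in entries)
    blocked = [e for e in entries if e["action"] == "block"]
    return per_rule, blocked

if __name__ == "__main__":
    per_rule, blocked = summarize(parse_pflog(SAMPLE))
    for (rule, action, direction, ifname), n in sorted(per_rule.items()):
        print(f"rule {rule}: {action} {direction} on {ifname} x{n}")
    for e in blocked:
        print(f"BLOCK {e['time']} rule {e['rule']} {e['src']} > {e['dst']} -> re-post ruleset")
```

An empty block list corresponds to the expected result in step 5; any block entry names the rule number to look up in the ruleset.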
