Re: [squid-users] TPROXY Error

Goz' Subject: RE: [squid-users] TPROXY Error Hey Ben, You are missing the critical output of the full command: Ip route show table 100 What you posted was: > 5. the output of 'ip route show table 100' $ ip route show default via 8.13.140.14 dev bond0.212 proto static 1.21.213.0/24

Re: [squid-users] TPROXY Error

Croitoru ; squid-users@lists.squid-cache.org Subject: Re: [squid-users] TPROXY Error By the help of God. Hi Eliezer, Thanks for your help. Please let me know if you need more information. Regards, Ben On 07/07/2021 14:01, Eliezer Croitoru wrote: Hey Ben, I want to try and reset this issue

Re: [squid-users] TPROXY Error

day, July 7, 2021 3:36 PM To: Eliezer Croitoru ; squid-users@lists.squid-cache.org Subject: Re: [squid-users] TPROXY Error By the help of God. Hi Eliezer, Thanks for your help. Please let me know if you need more information. Regards, Ben On 07/07/2021 14:01, Eliezer Croitoru wrote: > H

Re: [squid-users] TPROXY Error

35:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux Once we will have all the above details (reducing/modifying any private details) we can try to maybe help you. Eliezer -Original Message- From: squid-users On Behalf Of Ben Goz Sent: Wednesday, June 30, 2021 3:16 PM To: squid-users@lists.squid

Re: [squid-users] TPROXY Error

-Original Message- From: squid-users On Behalf Of Ben Goz Sent: Wednesday, June 30, 2021 3:16 PM To: squid-users@lists.squid-cache.org Subject: [squid-users] TPROXY Error By the help of God. Hi All, I'm trying to configure squid as a transparent proxy using TPROXY. The machine I'm using has 2 NICs

Re: [squid-users] TPROXY Error

On 5/07/21 11:31 pm, Ben Goz wrote: By the help of God. Someone have an idea what's wrong with my configuration? The config you have shown does not contain any visible issues. The feature page has information minimum kernel and library requirements for TPROXY to work reasonably well. There

Re: [squid-users] TPROXY Error

By the help of God. Someone have an idea what's wrong with my configuration? On 30/06/2021 15:55, Ben Goz wrote: On 30/06/2021 15:25, Antony Stone wrote: On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote: I'm trying to configure squid as a transparent proxy using TPROXY. The machine I'm

Re: [squid-users] TPROXY Error

On 30/06/2021 15:25, Antony Stone wrote: On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote: I'm trying to configure squid as a transparent proxy using TPROXY. The machine I'm using has 2 NICs, one for input and the other one for output traffic. The TPROXY iptables rules are configured on

Re: [squid-users] TPROXY Error

On Wednesday 30 June 2021 at 14:16:09, Ben Goz wrote: > I'm trying to configure squid as a transparent proxy using TPROXY. > The machine I'm using has 2 NICs, one for input and the other one for > output traffic. > The TPROXY iptables rules are configured on the input NIC. 1. Which version of

[squid-users] TPROXY Error

By the help of God. Hi All, I'm trying to configure squid as a transparent proxy using TPROXY. The machine I'm using has 2 NICs, one for input and the other one for output traffic. The TPROXY iptables rules are configured on the input NIC. It looks like iptables TPROXY redirect works but squid

Re: [squid-users] tproxy sslbump and user authentication

On Tuesday, April 21, 2020, 2:41:02 PM GMT+2, Matus UHLAR - fantomas wrote: >>On Tuesday, April 21, 2020, 8:29:28 AM GMT+2, Amos Jeffries >> wrote: >>> >>> Please see the FAQ: >>>

Re: [squid-users] tproxy sslbump and user authentication

On Tuesday, April 21, 2020, 8:29:28 AM GMT+2, Amos Jeffries wrote: > > Please see the FAQ: > > > Why bother with the second proxy at all? The explicit proxy has

Re: [squid-users] tproxy sslbump and user authentication

On Tuesday, April 21, 2020, 8:29:28 AM GMT+2, Amos Jeffries wrote: Please see the FAQ: Why bother with the second proxy at all? The explicit proxy has access to

Re: [squid-users] tproxy sslbump and user authentication

On 21/04/20 11:08 am, Vieri wrote: > Hi, > > Is it possible to somehow combine the filtering capabilities of tproxy > ssl-bump for access to https sites and the access control flexibility of > proxy_auth (eg. kerberos)? Please see the FAQ:

[squid-users] tproxy sslbump and user authentication

Hi, Is it possible to somehow combine the filtering capabilities of tproxy ssl-bump for access to https sites and the access control flexibility of proxy_auth (eg. kerberos)? Is having two proxy servers in sequence an acceptable approach, or can it be done within the same instance with the

Re: [squid-users] tproxy first time implementation on squid.

You might be missing a NAT at last node before the packet is left to Internet otherwise you need a public IP at the windows client. On Oct 22, 2017 19:08, "Hanoch Hanoch K" wrote: > Hi > I am trying to configure tproxy to expose the ip address i am using to > internet

[squid-users] tproxy first time implementation on squid.

Hi I am trying to configure tproxy to expose the ip address i am using to internet sites and not the ip address of the squid server. I did read the wiki from the squid web site and acted upon. the environment i am using is test and i will need to deploy it into producton when test will work and

Re: [squid-users] TProxy not working (Squid 3.5.12, Ubuntu Server 16.04.1)

n: squid-users@lists.squid-cache.org Betreff: Re: [squid-users] TProxy not working (Squid 3.5.12, Ubuntu Server 16.04.1) On 26/10/2016 7:42 p.m., Jens Offenbach wrote: > Hi, > I am trying to setup a transparent proxy with Squid 3.5.12 on Ubuntu Server > 16.04.1, but I cannot get it work

Re: [squid-users] TProxy not working (Squid 3.5.12, Ubuntu Server 16.04.1)

On 26/10/2016 7:42 p.m., Jens Offenbach wrote: > Hi, > I am trying to setup a transparent proxy with Squid 3.5.12 on Ubuntu Server > 16.04.1, but I cannot get it working. When a client tries to connect to the > web, the connection always times out. > > Hopefully, someone has an idea what's

[squid-users] TProxy not working (Squid 3.5.12, Ubuntu Server 16.04.1)

Hi, I am trying to setup a transparent proxy with Squid 3.5.12 on Ubuntu Server 16.04.1, but I cannot get it working. When a client tries to connect to the web, the connection always times out. Hopefully, someone has an idea what's going. uname-r: 4.4.0-45-generic sysct: net.ipv4.ip_forward=1

Re: [squid-users] TProxy and client_dst_passthru

Amos Jeffries wrote > ==> ORIGINAL_DST is should *only* ever be used on MISS or > REFRESH/revalidate traffic. Never on a HIT. Thus zero (0%) hit-ratio is > the expected behaviour. > > For the same reason that a report of the log traffic using "grep -v HIT" > will show zero cache ratio. I have

Re: [squid-users] TProxy and client_dst_passthru

On 09/11/2016 10:23 AM, Amos Jeffries wrote: > The only visible problem is why that 2% exists. > > ==> ORIGINAL_DST is should *only* ever be used on MISS or > REFRESH/revalidate traffic. Never on a HIT. Thus zero (0%) hit-ratio is > the expected behaviour. It is possible that a terminology

Re: [squid-users] TProxy and client_dst_passthru

On 12/09/2016 3:04 a.m., Omid Kosari wrote: > > I refer to following messages .i have same problem > The "problem" is misunderstanding of the log entry meaning. > > FredT wrote >> Hi Amos, >> >> We have done additional tests in production with ISPs and the ORIGINAL_DST >> in tproxy cannot be

Re: [squid-users] TProxy and client_dst_passthru

Antony Stone wrote > On Thursday 08 September 2016 at 12:27:42, Omid Kosari wrote: > >> Hi Fred, >> >> Same problem here . Do you found any solution or workaround ? > > Please clarify which message you are reply / referring to. > > Thanks, > > > Antony. > > -- > Archaeologists have found a

Re: [squid-users] TProxy and client_dst_passthru

On Thursday 08 September 2016 at 12:27:42, Omid Kosari wrote: > Hi Fred, > > Same problem here . Do you found any solution or workaround ? Please clarify which message you are reply / referring to. Thanks, Antony. -- Archaeologists have found a previously-unknown dinosaur which seems to

Re: [squid-users] TProxy and client_dst_passthru

Hi Fred, Same problem here . Do you found any solution or workaround ? Regards -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TProxy-and-client-dst-passthru-tp4670189p4679422.html Sent from the Squid - Users mailing list archive at Nabble.com.

Re: [squid-users] TPROXY and IPv6 issues CentOS 7

On 24/10/2015 9:02 a.m., James White wrote: > I'm literally stumped at this point. The fact TPROXY is working for > IPv4 indicates that I have the necessary setup in place for TPROXY to > at least work, but IPv6 not working is a mystery. Like I said the > Squid box is fully IPv6 capable and

Re: [squid-users] TPROXY and IPv6 issues CentOS 7

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I'm literally stumped at this point. The fact TPROXY is working for IPv4 indicates that I have the necessary setup in place for TPROXY to at least work, but IPv6 not working is a mystery. Like I said the Squid box is fully IPv6 capable and clients

Re: [squid-users] TPROXY and IPv6 issues CentOS 7

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Amos, Thanks for your reply. I've tried setting the rp_filter values to 1 and 2 and there is no difference in behaviour. Traffic isn't being tagged on dport 3128 directly. What I meant was I needed to exclude the configured outgoing IPv6 address

Re: [squid-users] TPROXY and IPv6 issues CentOS 7

On 14/10/2015 7:07 a.m., James White wrote: > Hi all, > > I operate a squid box which has two http_port setups: > > http_port 3128 > http_port 3129 TPROXY > > I have implemented TPROXY to replace my NAT setup on a CentOS 7 Squid > 3.3 box. Currently the IPv4 connectivity is working great, the

[squid-users] TPROXY and IPv6 issues CentOS 7

Hi all, I operate a squid box which has two http_port setups: http_port 3128 http_port 3129 TPROXY I have implemented TPROXY to replace my NAT setup on a CentOS 7 Squid 3.3 box. Currently the IPv4 connectivity is working great, the IPv6 connectivity is broken when going through TPROXY. All IPv6

Re: [squid-users] TProxy and client_dst_passthru

Hi Amos, We did tons of tests with the latest Squid versions and this is not the behaviour with the host_verify_strict off and client_dst_passthru off. With those 2 options OFF, we see a lot of ORIGINAL_DST that we should not see if we follow your explainations, so it seems there is a bug

Re: [squid-users] TProxy and client_dst_passthru

On 4/07/2015 8:02 p.m., Stakres wrote: Hi Amos, We did tons of tests with the latest Squid versions and this is not the behaviour with the host_verify_strict off and client_dst_passthru off. With those 2 options OFF, we see a lot of ORIGINAL_DST that we should not see if we follow your

Re: [squid-users] TProxy and client_dst_passthru

Hi Amos, Can we expect a workaround to allow the object to the cache if the dns record is corrected by Squid instead that having an ORIGINAL_DST ? If Squid corrects the request, it mean the URL will be good, so we should be able to cache the object Fred -- View this message in context:

Re: [squid-users] TProxy and client_dst_passthru

On 4/07/2015 1:21 a.m., Stakres wrote: Amos, You told the Squid will check the original dns from the headers, then it'll do its own dns resolution to verify they both match. So, if no match, Squid does the request to internet based on the dns it found. If I'm right, that the current way,

Re: [squid-users] TProxy and client_dst_passthru

Amos, You told the Squid will check the original dns from the headers, then it'll do its own dns resolution to verify they both match. So, if no match, Squid does the request to internet based on the dns it found. If I'm right, that the current way, correct ? What we could do is the same way but

Re: [squid-users] TProxy and client_dst_passthru

On 4/07/2015 12:05 a.m., Stakres wrote: Hi Amos, Can we expect a workaround to allow the object to the cache if the dns record is corrected by Squid instead that having an ORIGINAL_DST ? If Squid corrects the request, it mean the URL will be good, so we should be able to cache the object

Re: [squid-users] TProxy and client_dst_passthru

Hi, I'm back to this post because it still does not work. You explain OFF - Squid selects a (possibly new, or not) IP to be used as the server (logs DIRECT)., sorry to say this is not the reality in the Squid. We have set the pass-thru directive to OFF and here is the result: TCP_MISS/206 72540

Re: [squid-users] TProxy and client_dst_passthru

Hi Amos, 216.58.220.36 != www.google.com ??? Have a look: http://www.ip-adress.com/whois/216.58.220.36, this is google. Depending the DNS server used, the IP can change, we know that especialy due to BGP. In the case the client is an ISP providing internet to smaller ISPs with different DNS

Re: [squid-users] TProxy and client_dst_passthru

On 2/07/2015 6:32 p.m., Stakres wrote: Hi, I'm back to this post because it still does not work. You explain OFF - Squid selects a (possibly new, or not) IP to be used as the server (logs DIRECT)., sorry to say this is not the reality in the Squid. We have set the pass-thru directive to

Re: [squid-users] TProxy and client_dst_passthru

Hi Yury, In your installation, with your devices... At home, I do the same like you, but I'm not an ISP. Here the issue is that end users could use different dns the ISPs cannot control. Home/Entreprise, the admin can control the used DNS servers with devices. In an ISP environment, we cannot

Re: [squid-users] TProxy and client_dst_passthru

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Fred, I'm talkin not about localhost installation. My squid serves business-center. With hundreds of users. In this environment, we use also transparent DNS interception onto DNS cache. DNS cache itself uses clean sources for resolving, using

Re: [squid-users] TProxy and client_dst_passthru

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Fred, I'm talkin not about localhost installation. My squid serves business-center. With hundreds of users. In this environment, we use also transparent DNS interception onto DNS cache. DNS cache itself uses clean sources for resolving, using

Re: [squid-users] TProxy and client_dst_passthru

Hi Amos, We have done additional tests in production with ISPs and the ORIGINAL_DST in tproxy cannot be cached. In normal mode (not tproxy), ORIGINAL_DST can be cached, no problem. But once in tproxy (http_port 3128 tproxy), no way, it's impossible to get TCP_HIT. We have played with the

Re: [squid-users] TProxy and client_dst_passthru

On 4/03/2015 8:19 p.m., Stakres wrote: Hi Eliezer, Well, we have done many tests with Squid (3.1 to 3.5.x), disabling client_dst_passthru (off) will stop the DNS entry as explained in the wiki, the option directly acts on the flag ORIGINAL_DST. You literally have that backwards. The cause

[squid-users] TProxy and client_dst_passthru

Hi All, Does someone know why the *client_dst_passthru* does not work in TProxy mode ? From the Squid wiki, we can read that: /Regardless of this option setting, when dealing with intercepted traffic Squid will verify the Host: header and any traffic which fails Host verification will be treated

Re: [squid-users] TProxy and client_dst_passthru

Hey Fred, It is unclear what doesn't work for you. What would you expect to work and how it works or doesn't work from a user perspective rather then an admin? Is there any trouble from the user side about this issue? Eliezer On 04/03/2015 00:14, Stakres wrote: Hi All, Does someone know

Re: [squid-users] TProxy and client_dst_passthru

Hi Eliezer, Well, we have done many tests with Squid (3.1 to 3.5.x), disabling client_dst_passthru (off) will stop the DNS entry as explained in the wiki, the option directly acts on the flag ORIGINAL_DST. As you know, ORIGINAL_DST switches the optimization off (ex: StoreID) then it's not

Re: [squid-users] Tproxy immediately closing connection

I installed libcap-dev package, recompiled squid and TPROXY is now working fine for both IPv4 and IPv6. Thanks Amos! On 2014-07-26 11:35, Amos Jeffries wrote: On 25/07/2014 10:02 a.m., Jan Krupa wrote: Hi all, I've been struggling to configure transparent proxy for IPv6 on my Raspberry Pi

Re: [squid-users] Tproxy immediately closing connection

On 25/07/2014 10:02 a.m., Jan Krupa wrote: Hi all, I've been struggling to configure transparent proxy for IPv6 on my Raspberry Pi acting as a router following the guide: http://wiki.squid-cache.org/Features/Tproxy4 Despite all my efforts, all I got was squid squid immediately closing

[squid-users] Tproxy immediately closing connection

Hi all, I've been struggling to configure transparent proxy for IPv6 on my Raspberry Pi acting as a router following the guide: http://wiki.squid-cache.org/Features/Tproxy4 Despite all my efforts, all I got was squid squid immediately closing connection after it was established (not

Re: [squid-users] TPROXY Squid Error.

Well about the rules of mikrotik you already know that NAT is not the direction. In any case about the basic_data.sh script. I had a type but.. What terminal are you using?? In most color terminals you won't see the special markings. Thanks, Eliezer On 07/10/2014 03:28 AM, Info OoDoO wrote:

Re: [squid-users] TPROXY Squid Error.

Hi, I'm using Microtik 1100 AH X2 Router, here is my Basic Data from your latest script. http://pastebin.com/GHkD5yYx Thanks, Ganesh J On Wed, Jul 9, 2014 at 1:08 AM, Eliezer Croitoru elie...@ngtech.co.il wrote: What router are you using?? Eliezer P.S. I will be at the squid irc channel

Re: [squid-users] TPROXY Squid Error.

What are the rules in Mikrotik that you are using? What is the network diagram? How many interfaces on Mikrotik are you using for this purpose? How many NICs are there on the Squid box? Can you give an idea of your network diagram? Also, a few days ago, I also posted the rules that I am using

Re: [squid-users] TPROXY Squid Error.

I use two ports in Micortik Router. one for WAN and other for LAN, I have No rules setup in Router except the natting Src and Dst for private to public IP and vice versa. There are two nics in squid box. but I am using only one. The Lan From router is Connected to switch and the squid nic is

Re: [squid-users] TPROXY Squid Error.

There you go. NAT rules will not work on TProxy. You need to play with Mangle rules. The ones I am using are: /ip fir man add action=mark-routing chain=prerouting disabled=no dst-port=80 new-routing-mark=_to_squid_ passthrough=yes protocol=tcp src-address-list=_to_squid_ src-mac-address=!MAC

Re: [squid-users] TPROXY Squid Error.

Thanks Hassan, I have covered all the steps except the WCCP Configuration, Coz i dont use WCCP Router. I tried discovering for Routing loop and was unable to find any, Could you please help me How to Find a Routing loop. Here is my Squid Conf and my TCPdump sample. http://pastebin.com/aJskfywx

Re: [squid-users] TPROXY Squid Error.

tcpdump shows traffic flowing both ways, which is good. We also need to have the following settings: # sysctl.conf net.ipv4.ip_forward = 1 net.ipv4.conf.default.rp_filter = 0 net.ipv4.conf.all.rp_filter = 0 net.ipv4.conf.eth0.rp_filter = 0 net.ipv4.conf.eth1.rp_filter = 0 The last two lines

Re: [squid-users] TPROXY Squid Error.

Thanks Hassan, Yes I have the following settings done. Please see the details in the pastebin http://pastebin.com/YzKDSV7J -- Find Results. http://pastebin.com/XhZYiDxm --sysctl.conf Thanks, Ganesh J On Tue, Jul 8, 2014 at 2:29 PM, Nyamul Hassan nya...@gmail.com wrote: tcpdump shows traffic

Re: [squid-users] TPROXY Squid Error.

Ok. Good so far. I saw you opened another email about this. Please keep related discussions in one single thread. We had similar TProxy issues around 7-8 days ago. From your emails, it seems you are running CentOS 6.5, just like we are. The difference is that you are using Squid 3.1 which is

Re: [squid-users] TPROXY Squid Error.

Sorry for the other mail chain. it was opened accidentally yesterday. Thanks for the response. please find the required data below. http://pastebin.com/Abs3QmMe -- cache.log http://pastebin.com/eS94BHHu -- TCP Dump. I was able to see the site logged in access.log with http code 504, Gateway

Re: [squid-users] TPROXY Squid Error.

+Eliezer Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:46 PM, Info OoDoO i...@oodoo.co.in wrote: Sorry for the other mail chain. it was opened accidentally yesterday. Thanks for the response. please find the required data below. http://pastebin.com/Abs3QmMe -- cache.log

Re: [squid-users] TPROXY Squid Error.

For your kind attention, i have not installed Squid 3.1.10 from YUM. I have Compiled and installed from the source with the following options. http://pastebin.com/jFhzd3qj Oh! If you did compile it, then can you check if you have libcap-devel installed? Regards HASSAN

Re: [squid-users] TPROXY Squid Error.

Yes.. it is installed.. libcap-devel.x86_64 2.16-5.5.el6 @base Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:49 PM, Nyamul Hassan nya...@gmail.com wrote: For your kind attention, i have not installed Squid 3.1.10 from YUM. I have Compiled and installed from the

Re: [squid-users] TPROXY Squid Error.

Sorry, I installed it recently and it was not there when i compiled and configured squid from source. Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:52 PM, Info OoDoO i...@oodoo.co.in wrote: Yes.. it is installed.. libcap-devel.x86_64 2.16-5.5.el6 @base Thanks,

Re: [squid-users] TPROXY Squid Error.

We were in the same problem just a few days ago. Can you recompile and check? Also, since you are compiling, then can you also try the latest stable version 3.4.6? Regards HASSAN On Wed, Jul 9, 2014 at 12:24 AM, Info OoDoO i...@oodoo.co.in wrote: Sorry, I installed it recently and it was not

Re: [squid-users] TPROXY Squid Error.

Configured Squid 3.4.6 again with all the options, still facing the same issue. Thanks, Ganesh J On Tue, Jul 8, 2014 at 11:55 PM, Nyamul Hassan nya...@gmail.com wrote: We were in the same problem just a few days ago. Can you recompile and check? Also, since you are compiling, then can you

Re: [squid-users] TPROXY Squid Error.

What router are you using?? Eliezer P.S. I will be at the squid irc channel for about couple hours http://webchat.freenode.net/?channels=squid On 07/08/2014 10:19 PM, Info OoDoO wrote: Configured Squid 3.4.6 again with all the options, still facing the same issue. Thanks, Ganesh J On Tue,

[squid-users] TPROXY Squid Error.

I have configured squid with the options in the below paste .. http://pastebin.com/jFhzd3qj I packets are being forwarded from the cache box to internet and i'm able to see the Client Public address instaed of squid Box Public Address.. the Issue here is the requests are not being forwarded by or

Re: [squid-users] TPROXY Squid Error.

Can you also pastebin your squid.conf? Regards HASSAN On Tue, Jul 8, 2014 at 12:53 AM, collect oodoo coll...@oodoo.co.in wrote: I have configured squid with the options in the below paste .. http://pastebin.com/jFhzd3qj I packets are being forwarded from the cache box to internet and i'm

Re: [squid-users] TPROXY Squid Error.

Hi Ganesh, In your basic data pastebin, seems like the ip rule and ip route rules are missing. Please see if running the following commands helps the situation: * echo 100 squidtproxy /etc/iproute2/rt_tables * ip rule add fwmark 1 lookup 100 * ip route add local default dev lo table 100

Re: [squid-users] TPROXY Squid Error.

Thanks Hassan, Now the request are passing through Squid but Failing with 110 Connection Timed Out Error. When I use transparent Mode its working fine. Any Idea..!! Thanks, Ganesh J Thanks, OodoO Fiber, +91 8940808080 www.oodoo.co.in On Tue, Jul 8, 2014 at 1:16 AM, Nyamul Hassan

Re: [squid-users] TPROXY Squid Error.

Did you check the possibility of a routing loop as described in the troubleshooting section of the TProxy wiki page? In fact, can you check that you have covered all the steps mentioned in that section? Regards HASSAN On Tue, Jul 8, 2014 at 2:37 AM, Info OoDoO i...@oodoo.co.in wrote: Thanks

Re: [squid-users] TProxy Setup

Hey Hassan, I have found this interesting proxy setup in youtube: http://www.youtube.com/watch?v=S65Gp79YHu8 Which is exactly what you need for your case. I also see now that mikrotik routers do make it very simple to setup. Note that this setup uses a upstream proxy which is using port 8080

Re: [squid-users] TProxy Setup

Thanks for the video, Eliezer! The Mikrotik configuration part was quite interesting! New Basic Data: http://pastebin.com/ULT2d4Ej Debug (All,1 89,9 17,3) http://pastebin.com/0Ycgtea2 Just one request from the client browser was made. The destination is also a server under our control.

Re: [squid-users] TProxy Setup

On 2014-07-06 20:18, Nyamul Hassan wrote: Thanks for the video, Eliezer! The Mikrotik configuration part was quite interesting! New Basic Data: http://pastebin.com/ULT2d4Ej Debug (All,1 89,9 17,3) http://pastebin.com/0Ycgtea2 Just one request from the client browser was made. The

Re: [squid-users] TProxy Setup

Dear Amos, Thank you for your suggestion! The browser on the client is Chrome. Interestingly, when I try to open any link in Chrome, it tries 3 times. But, when we try from an Incognito Mode window, it makes only one request. Morever, there are two routers: one for Host - Rtr1 - Squid another

Re: [squid-users] TProxy Setup

Dear Amos, I was working with Eliezer with the debug_options in Squid, and with a ALL,9 option, captured the relevant log for a request from Incognito Chrome on client: http://pastebin.com/WWYpxceG I am trying to understand the flow within Squid: Line_1-7 shows that the packet was recieved

Re: [squid-users] TProxy Setup

On 2014-07-06 23:09, Nyamul Hassan wrote: Dear Amos, I was working with Eliezer with the debug_options in Squid, and with a ALL,9 option, captured the relevant log for a request from Incognito Chrome on client: http://pastebin.com/WWYpxceG I am trying to understand the flow within Squid:

Re: [squid-users] TProxy Setup

On Sun, Jul 6, 2014 at 6:32 PM, Amos Jeffries squ...@treenet.co.nz wrote: Does that help in anyway, or am I barking up the wrong tree? This is the right direction. The next thing is to find out why the accepted socket has an error flag attached to it by TcpAcceptor. (Eliezer will have to

Re: [squid-users] TProxy Setup

The problem has been found! I did not have libcap-devel installed. This is a primary requirement for TProxy. Nonetheless, Squid also does not throw any error during runtime. It opens the TProxy port, inspite of not having it compiled. This is a bug. Thank you Eliezer for your extensive help

Re: [squid-users] TProxy Setup

Just filed the bug: http://bugs.squid-cache.org/show_bug.cgi?id=4078 Regards HASSAN On Sun, Jul 6, 2014 at 9:29 PM, Nyamul Hassan nya...@gmail.com wrote: The problem has been found! I did not have libcap-devel installed. This is a primary requirement for TProxy. Nonetheless, Squid also

Re: [squid-users] TProxy Setup

I apologize Eliezer if my words meant that Squid in general was flawed. On the contrary, we have been using Squid 2 for almost 6 years over multiple proxies, and have only found it to be among the exceptional open source softwares out there. And, the community behind Squid also compares to the

Re: [squid-users] TProxy Setup

Hey, I cannot tell you it's the case since I do not tend to verify that tproxy works on every squid release due to the basic small changes that happen from minor version to the other. I test it on the first major release such as 3.3 and 3.4 and then don't tend to check it later. But I am

Re: [squid-users] TProxy Setup

Thank you Eliezer for your email. We have been able to get the information into pastebin as follows: Squid.conf http://pastebin.com/QGCfXbCk ./basic_data.sh http://pastebin.com/EP8kB8MU Debug (All,9) http://pastebin.com/WWYpxceG We already were reading the full debug logs, when your email

Re: [squid-users] TProxy Setup

Hey Hassan, OK so after looking at the debug script: - you don't have squid running at the time that the script ran.(no port 3129 listening) - I need the relevant ALL,1 89,9 debug specifically.. All any other debug sections I do not care about right now. I see you are running CentOS by the

Re: [squid-users] TProxy Setup

Just some quick answers to your questions inline below. (I've not had time to consider this in detail sorry.) On 2014-07-04 03:03, Nyamul Hassan wrote: Thank you Amos Eliezer for your responses! Amos, we have enabled debug_options 11,2, but that did not show any HTTP request being received

Re: [squid-users] TProxy Setup

That is the problem then. Something is blocking the traffic arriving at Squid listening port. selinux, rp_filter or ip_forward sysctl settings I usually find are the problem for this, although there have been a few cases where nobody could figure out why this was happening. We might be

Re: [squid-users] TProxy Setup

Dear Amos, We just found a small software: https://github.com/kristrev/tproxy-example As the author put it: The example transparent proxy application accepts TCP connections on the specified port (set to 9876 in tproxy_test.h) and attempts a TCP connection to the original host. If it is

Re: [squid-users] TProxy Setup

Hey, I am not sure if you understand you question which is: I have a software that works on many many many many systems around the world, Why is it not working for me? because of the setup or because of the software? I would not say that computers are saints or that software are perfect but

Re: [squid-users] TProxy Setup

Thank you Amos Eliezer for your responses! Amos, we have enabled debug_options 11,2, but that did not show any HTTP request being received by Squid, not even after doing the changes that Eliezer suggested. But they did show up, when we reverted back to http_port 3127 intercept related

[squid-users] TProxy Setup

Hi, We are trying to run Squid 3.4.6 with TProxy. Earlier we used to run Squid 2.7.Stable9 in transparent mode with a DNAT rule on the router box to redirect traffic. This being our first jibe at Squid3, we have successfully configured intercept mode with the router doing a policy-based routing

Re: [squid-users] TProxy Setup

On 2014-07-03 12:01, Nyamul Hassan wrote: Hi, We are trying to run Squid 3.4.6 with TProxy. Earlier we used to run Squid 2.7.Stable9 in transparent mode with a DNAT rule on the router box to redirect traffic. This being our first jibe at Squid3, we have successfully configured intercept mode

Re: [squid-users] TProxy Setup

Hey There, You have seem to use the wrong rules in ip route and maybe something else. I need more for the picture to understand what and how you implemented it. What I need is the IP and wires topology. Wccp is not good for you(maybe) but the examples are perfect from any aspect. Take a peek

[squid-users] TPROXY surf as client

We have full TPROXY in our network . Is there a way to surf an address with clients IP addresses ? Lets think we have 1000 ip addresses . I want Squid opens google.com with those 1000 IPs . Something like fake traffic from different users . I know i may use squidclient or a script on squid box but

Re: [squid-users] TPROXY surf as client

On 21/06/2014 7:46 p.m., Omid Kosari wrote: We have full TPROXY in our network . Is there a way to surf an address with clients IP addresses ? Send HTTP requests from the client machine, or re-allocate the IP address to a test machine and request from there. Lets think we have 1000 ip

Re: [squid-users] Tproxy mode on Debian 7 Table does not exist

Thanks Eliezer, But using tmangle allows me to use tproxy in Squid http_port ? -Message d'origine- From: Eliezer Croitoru Sent: Wednesday, February 26, 2014 3:18 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Tproxy mode on Debian 7 Table does not exist You should

Re: [squid-users] Tproxy mode on Debian 7 Table does not exist

:18 PM To: squid-users@squid-cache.org Subject: Re: [squid-users] Tproxy mode on Debian 7 Table does not exist You should use -t mangle instead of tproxy Good luck, Eliezer On 26/02/2014 13:57, David Touzeau wrote: uname –a report #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux iptables -t

[squid-users] Tproxy mode on Debian 7 Table does not exist

Hi all I’m trying to implement the Tproxy mode on Debian 7 without successs. Is there anybody have successfully implement it on Debian 7 I have setup this : modprobe -a nf_tproxy_core xt_TPROXY xt_socket xt_mark ip_gre gre lsmod |grep proxy nf_tproxy_core 12404 1 xt_TPROXY uname –a

Re: [squid-users] Tproxy mode on Debian 7 Table does not exist

You should use -t mangle instead of tproxy Good luck, Eliezer On 26/02/2014 13:57, David Touzeau wrote: uname –a report #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 80 iptables v1.4.14: can't initialize iptables

  1   2   3   4   5   >