I put squid on debug section: 89 to follow tproxy and 17 to see what is going on inside other stuff, and I found out this:

Section 89 is fine, not showing anything about using the client IP as 192.168.102.100:

2012/01/06 04:23:54.072| IpIntercept.cc(381) NatLookup: address BEGIN: me= 212.179.154.226:80, client= 212.179.154.226:80, dst= 192.168.102.100:1063, peer= 192.168.102.100:1063
2012/01/06 04:23:54.074| IpIntercept.cc(166) NetfilterTransparent: address TPROXY: me= 212.179.154.226:80, client= 192.168.102.100


Section 17 shows an abnormal thing:
(the outgoing address to the server is the client address and not one of the server addresses)

2012/01/06 04:28:36.782| store_client::copy: 7DEA6A0583B90AB461F576C6AEE4AA50, from 0, for length 4096, cb 1, cbdata 0x882b5b8
2012/01/06 04:28:36.783| storeClientCopy2: 7DEA6A0583B90AB461F576C6AEE4AA50
2012/01/06 04:28:36.784| store_client::doCopy: Waiting for more
2012/01/06 04:28:36.785| FwdState::start() 'http://link
2012/01/06 04:28:36.787| fwdStartComplete: http://link
2012/01/06 04:28:36.789| fwdConnectStart: http://1link
2012/01/06 04:28:36.791| fwdConnectStart: got outgoing addr 192.168.102.100, tos 0
2012/01/06 04:28:36.791| fwdConnectStart: got TCP FD 13


So the main problem is that the request that comes from squid is not using the right address in tproxy mode.

Thanks
Eliezer




On 05/01/2012 17:20, Eliezer Croitoru wrote:
I made a squid url_rewriter for cache purposes and it works on Ubuntu
and on Fedora 16 (i686).
It also works on Fedora 15 with the 3.2.0.12 rpm from the Fedora 16 repo.
The problem is that when the re_rewriter is replying with the address to
squid, the session that squid is creating is from the client to the
server instead of from the squid machine to the web server.
What I see using ss is (tproxy is port 8081):
SYN-SENT 0 1 192.168.102.100:38660 192.168.102.3:tproxy

But using 3.2.0.12 and on other systems I see from
192.168.102.3:high_port_number 192.168.102.3:tproxy
or
127.0.0.1:high_port_number 127.0.0.1:tproxy

and everything works fine.

The rewriter has a log function built in, and only when it's redirecting
and with tproxy is squid doing this thing.
On regular forward proxy everything is working fine.

My config is the basic one with the exception of tproxy and the rewriter:

#start lines added
http_port 3129 tproxy
url_rewrite_program /opt/nginx.cache.rb
url_rewrite_host_header off
#end lines added

So: with the 3.2 branch it works but not on 3.1 (3.1.10-3.1.18).

Also I can't compile the 3.2 branch on Fedora 15 because it always ends up
with some error.
I need to know the list of dependencies for compilation.
I had some SASL problem and I installed the SASL dev libs, but now it's
stuck on an ftp error:
g++: warning: switch ‘-fhuge-objects’ is no longer supported
ftp.cc: In function ‘void ftpReadEPSV(FtpStateData*)’:
ftp.cc:2371:9: error: variable ‘n’ set but not used [-Werror=unused-but-set-variable]
cc1plus: all warnings being treated as errors

make[3]: *** [ftp.o] Error 1
make[3]: Leaving directory `/opt/src/squid-3.2.0.8/src'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/opt/src/squid-3.2.0.8/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/opt/src/squid-3.2.0.8/src'
make: *** [all-recursive] Error 1


Thanks
Eliezer
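
The comparison made by eye in the message above (section 89 TPROXY lookups against section 17 fwdConnectStart lines), as an added example that is not part of the original messages: it collects the client addresses Squid recorded for intercepted connections and lists every server-side connection whose source address is one of them. The function names are hypothetical; the sample lines are copied from the post except the last one, which is constructed.

```python
import re

# Section 89: the client address Squid recorded for a TPROXY-intercepted connection.
TPROXY_RE = re.compile(
    r"NetfilterTransparent: address TPROXY: me= \S+, client= (?P<client>[^\s,]+)")
# Section 17: the source address Squid chose for the connection to the server.
OUTGOING_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} [\d:.]+)\| fwdConnectStart: "
    r"got outgoing addr (?P<addr>[^\s,]+), tos")


def strip_port(addr):
    """Drop a trailing :port from an IPv4 addr:port pair (IPv6 is not handled)."""
    host, sep, port = addr.rpartition(":")
    return host if sep and port.isdigit() and "." in host else addr


def client_sourced_connections(log_text):
    """Return (timestamp, addr) for each fwdConnectStart line whose outgoing
    address equals a client address seen in a TPROXY lookup."""
    clients = {strip_port(m.group("client"))
               for m in TPROXY_RE.finditer(log_text)}
    hits = []
    for m in OUTGOING_RE.finditer(log_text):
        addr = strip_port(m.group("addr"))
        if addr in clients:
            hits.append((m.group("ts"), addr))
    return hits


# Lines from the post, plus one constructed line (the last) using the Squid
# machine's own address as the outgoing address.
SAMPLE_LOG = """\
2012/01/06 04:23:54.074| IpIntercept.cc(166) NetfilterTransparent: address TPROXY: me= 212.179.154.226:80, client= 192.168.102.100
2012/01/06 04:28:36.791| fwdConnectStart: got outgoing addr 192.168.102.100, tos 0
2012/01/06 04:28:36.791| fwdConnectStart: got TCP FD 13
2012/01/06 04:30:00.000| fwdConnectStart: got outgoing addr 192.168.102.3, tos 0
"""

if __name__ == "__main__":
    for ts, addr in client_sourced_connections(SAMPLE_LOG):
        print(f"{ts}  outgoing connection sourced from client address {addr}")
```

The regular expressions search the whole text rather than line by line, so they also match when two log entries have been run together on one line.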
