OK.
Ok. I did what you told me and modified the rule, but nothing happened...
everything remains the same.
Rule amended:
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
2009/8/9 Amos Jeffries <squid3_at_treenet.co.nz>:
> On Sun, 9 Aug 2009 10:58:23 -0300, Carlos Botejara <cbotejara_at_gmail.com>
> wrote:
>> Hi, this is my first post here.
>> I have a problem, but first I will describe the scenario:
>> I have clients with public IP
>> Mikrotik router redirecting traffic to SQUID
>> Squid 3.1 with support for TPROXY
>> Iptables 1.4.4 with support for TPROXY
>> Debian Lenny / Kernel 2.6.28 with support for TPROXY
>>
>> well.
>> The proxy works well, and when I test with pages like whatismyip,
>> they show that the IP is the CLIENT's.
>> However, I cannot get my clients with public IP addresses to
>> download simultaneously from RapidShare / Megaupload etc. The error
>> shown on these pages is the typical "already downloading from
>> that IP", as if RapidShare were actually seeing the SQUID IP and not the
>> client's. How do I fix this?
>>
>> The port configuration in the squid configuration file is fine:
>>
>> http_port 81 tproxy
>>
>> Iptables:
>>
>> iptables -t mangle -N DIVERT
>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
>> iptables -t mangle -A DIVERT -j MARK --set-mark 1
>> iptables -t mangle -A DIVERT -j ACCEPT
>> iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY
>> --tproxy-mark 0x1/0x1 --on-port 81
>
> You have this rule ass-backwards.
>
> TPROXY is intended to intercept port 80 traffic, not port 3128 traffic.
> When the client is NOT configured to use the proxy. The HTTP request
> formats are noticeably different. It's trivially easy to detect those
> differences and probably what rapidshare is doing.
>
> Please go back and use the http://wiki.squid-cache.org/Features/Tproxy4
> documentation and configuration example.
>
>>
>> ip rule add fwmark 1 lookup 100
>> ip route add local 0.0.0.0/0 dev lo table 100
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>>
>> Mikrotik:
>> I have a rule in the firewall to redirect all port 80 traffic to the
>> SQUID IP, port 3128.
>>
>> All clients create PPPoE sessions on the Mikrotik router.
>>
>> Can you help?
>>
>> Regards
>
> Amos
>
--
Carlos Botejara
Area Sistemas
cbotejara_at_gmail.com
NEUQUEN - ARGENTINA
C: 0299-154060127
MSN: carlos.botejara_at_hotmail.com
http://www.linkedin.com/in/carlosbotejara

Received on Mon Aug 10 2009 - 23:30:14 MDT
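
An added example, not part of the thread or of the Squid documentation: a small Python check that compares iptables TPROXY rules with the `http_port ... tproxy` lines in squid.conf, run over the two rules posted above. It assumes squid.conf still holds the quoted `http_port 81 tproxy` line (the reply does not say whether it was changed); the function names and finding codes are hypothetical.

```python
import shlex

# Inputs copied from the thread; SQUID_CONF is assumed unchanged after the reply.
SQUID_CONF = "http_port 81 tproxy\n"
ORIGINAL_RULE = ("iptables -t mangle -A PREROUTING -p tcp --dport 3128 "
                 "-j TPROXY --tproxy-mark 0x1/0x1 --on-port 81")
AMENDED_RULE = ("iptables -t mangle -A PREROUTING -p tcp --dport 80 "
                "-j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129")

def tproxy_ports(squid_conf):
    """Ports of every 'http_port ... tproxy' line in squid.conf text."""
    ports = set()
    for line in squid_conf.splitlines():
        tok = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tok) >= 3 and tok[0] == "http_port" and "tproxy" in tok[2:]:
            ports.add(int(tok[1].rsplit(":", 1)[-1]))  # accepts ip:port too
    return ports

def check_rules(rules, squid_conf):
    """Return (code, detail) findings for iptables TPROXY rules."""
    listening = tproxy_ports(squid_conf)
    findings = []
    for rule in rules:
        args = shlex.split(rule)
        if "TPROXY" not in args:
            continue  # DIVERT / MARK / ACCEPT rules are not checked here

        def opt(name):
            return args[args.index(name) + 1] if name in args[:-1] else None

        dport, on_port = opt("--dport"), opt("--on-port")
        # Amos's point: TPROXY intercepts port 80, not the proxy port.
        if dport != "80":
            findings.append(("dport-not-80", f"rule matches --dport {dport}"))
        # The rule must hand packets to a port Squid opened in tproxy mode.
        if on_port is None or int(on_port) not in listening:
            findings.append(("on-port-not-tproxy",
                             f"--on-port {on_port}, Squid tproxy ports "
                             f"{sorted(listening)}"))
    return findings

if __name__ == "__main__":
    for label, rule in (("original", ORIGINAL_RULE), ("amended", AMENDED_RULE)):
        print(label, check_rules([rule], SQUID_CONF))
```
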