i put squid on debug section: 89 to follow tproxy and 17 to see what is
going on inside other stuff and i found out this:
section 89 fine not showing anything about using the client ip as
192.168.102.100 :
2012/01/06 04:23:54.072| IpIntercept.cc(381) NatLookup: address BEGIN:
me= 212.179.154.226:80, client= 212.179.154.226:80, dst=
192.168.102.100:1063, peer= 192.168.102.100:1063
2012/01/06 04:23:54.074| IpIntercept.cc(166) NetfilterTransparent:
address TPROXY: me= 212.179.154.226:80, client= 192.168.102.100
section 17 show abnormail thing:
(the outgoing address to the server is the client address and not one of
the server address)
2012/01/06 04:28:36.782| store_client::copy:
7DEA6A0583B90AB461F576C6AEE4AA50, from 0, for length 4096, cb 1, cbdata
0x882b5b8
2012/01/06 04:28:36.783| storeClientCopy2: 7DEA6A0583B90AB461F576C6AEE4AA50
2012/01/06 04:28:36.784| store_client::doCopy: Waiting for more
2012/01/06 04:28:36.785| FwdState::start() 'http://link
2012/01/06 04:28:36.787| fwdStartComplete: http://link
2012/01/06 04:28:36.789| fwdConnectStart: http://1link
2012/01/06 04:28:36.791| fwdConnectStart: got outgoing addr
192.168.102.100, tos 0
2012/01/06 04:28:36.791| fwdConnectStart: got TCP FD 13
so the main problem is that the request that comes from squid is not
using the right address in tproxy mode.
Thanks
Eliezer
On 05/01/2012 17:20, Eliezer Croitoru wrote:
> i made a squid url_rewriter for cache purposes and it works on ubunut
> and on fedora 16(i686).
> also it works on fedora 15 with the 3.2.0.12 rpm from fedora 16 repo.
> the problem is that when the re_rewriter is replying with the address to
> squid the session that squid is creating is : from the client to the
> server instead from the squid machine to the web server.
> what is see using ss is:(tproxy is port 8081)
> SYN-SENT 0 1 192.168.102.100:38660 192.168.102.3:tproxy
>
> but using the 3.2.0.12 and on other systems i see from
> 192.168.102.3:high_port_number 192.168.102.3:tproxy
> or
> 127.0.0.1:hight_port_number 127.0.0.1:tproxy
>
> and everything works fine.
>
> the rewritter has a log function build-in and only when it's redirecting
> and with tproxy squid is doing this thing.
> on regular forward proxy everything is working fine.
>
> my config is the basic one with the exception of tproxy and the rewritter
>
> #start lines added
> http_port 3129 tproxy
> url_rewrite_program /opt/nginx.cache.rb
> url_rewrite_host_header off
> #end lines added
>
> so : with the 3.2 branch it works but not on 3.1.(3.1.10-3.1.18)
>
> also i cant compile the 3.2 branch on fedora 15 cause always it ends up
> with some error.
> i need to know the list of dependencies for compilation.
> i had some sasl problem and i installed the sasl dev libs but now its
> stuck on ftp error:
> g++: warning: switch ג-fhuge-objectsג is no longer supported
> ftp.cc: In function גvoid ftpReadEPSV(FtpStateData*)ג:
> ftp.cc:2371:9: error: variable גnג set but not used
> [-Werror=unused-but-set-variable]
> cc1plus: all warnings being treated as errors
>
> make[3]: *** [ftp.o] Error 1
> make[3]: Leaving directory `/opt/src/squid-3.2.0.8/src'
> make[2]: *** [all-recursive] Error 1
> make[2]: Leaving directory `/opt/src/squid-3.2.0.8/src'
> make[1]: *** [all] Error 2
> make[1]: Leaving directory `/opt/src/squid-3.2.0.8/src'
> make: *** [all-recursive] Error 1
>
>
> Thanks
> Eliezer
Received on Fri Jan 06 2012 - 02:38:05 MST
This archive was generated by hypermail 2.2.0 : Fri Jan 06 2012 - 12:00:02 MST