Re: transparent proxy on remote box issue

> One hint I had was that the traffic is not marked correctly.
> 
> This line if added (I got it from somewhere online) will change the mac address of the web site to be the one of SQUID:
> 
> iptables -t mangle -A OUTPUT -o eth0 -p tcp --dport 80 -j MARK --set-mark 2
> 
> With that rule:
> 06:13:38.327212 0a:a5:82:f8:2e:93 (VPN's mac) > 0a:3c:e1:08:45:b7 (SQUID's mac), IPv4, length 74: 10.0.0.170.57525 > 157.166.248.10.80 (web site): tcp 0
> 
> Without that rule:
> 06:01:59.823267 0a:a5:82:f8:2e:93 (VPN's mac) > 0a:ee:81:f6:13:ef (SQUID's mac), IPv4, length 66: 10.0.0.170.43154 > 157.166.249.11.80 (web site): tcp 0
> 

This diagram explains the flow of PRE/POSTROUTING/OUTPUT/FORWARD: 
http://users.ecs.soton.ac.uk/ajf101/kptd.pdf

So the OUTPUT rule makes a difference because I am testing from a local process (i.e. curl on the VPN server).
I then tried from a VPN client (inbound traffic), and POSTROUTING makes a difference here (putting SQUID's mac). Here are some notes:

#marking inbound traffic:
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j MARK --set-mark 2

#marking outbound traffic (ie: locally generated traffic):
iptables -t mangle -A OUTPUT -o eth0 -p tcp --dport 80 -j MARK --set-mark 2

Anyhow, that doesn't explain to me why marked traffic is not going to SQUID. 

Thanks
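
Added example, not part of the original message: a small checker for link-level tcpdump output in the format quoted above, which splits port-80 frames into those delivered to the proxy's MAC and those that bypass it. The MAC and IP values in SAMPLE are constructed, and the names parse_frame and check_redirect are hypothetical.

```python
import re

# Line format as quoted in the message, without the hand-written annotations:
# "<time> <src mac> > <dst mac>, IPv4, length N: <src ip>.<port> > <dst ip>.<port>: tcp 0"
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ENDPOINT = r"(\d{1,3}(?:\.\d{1,3}){3})\.(\d+)"
FRAME = re.compile(
    rf"^(\S+)\s+({MAC})\s*>\s*({MAC}),\s*IPv4,\s*length\s+\d+:\s*"
    rf"{ENDPOINT}\s*>\s*{ENDPOINT}:",
    re.IGNORECASE,
)

def parse_frame(line):
    """Return the fields of one capture line, or None if it does not match."""
    m = FRAME.match(line.strip())
    if not m:
        return None
    ts, src_mac, dst_mac, src_ip, sport, dst_ip, dport = m.groups()
    return {"ts": ts, "src_mac": src_mac.lower(), "dst_mac": dst_mac.lower(),
            "src_ip": src_ip, "sport": int(sport),
            "dst_ip": dst_ip, "dport": int(dport)}

def check_redirect(lines, proxy_mac, port=80):
    """Split frames sent to `port` by whether the next hop is proxy_mac."""
    to_proxy, bypassing = [], []
    for line in lines:
        frame = parse_frame(line)
        if frame is None or frame["dport"] != port:
            continue  # unparsable line or traffic the mark rule does not cover
        if frame["dst_mac"] == proxy_mac.lower():
            to_proxy.append(frame)
        else:
            bypassing.append(frame)
    return to_proxy, bypassing

# Constructed sample: ...:aa stands for the proxy, ...:bb for the default gateway.
SAMPLE = """\
06:13:38.327212 02:00:00:00:00:01 > 02:00:00:00:00:aa, IPv4, length 74: 10.0.0.170.57525 > 192.0.2.10.80: tcp 0
06:13:39.101010 02:00:00:00:00:01 > 02:00:00:00:00:bb, IPv4, length 66: 10.0.0.170.43154 > 192.0.2.11.80: tcp 0
06:13:40.000001 02:00:00:00:00:01 > 02:00:00:00:00:bb, IPv4, length 66: 10.0.0.170.50000 > 192.0.2.12.443: tcp 0
""".splitlines()

if __name__ == "__main__":
    ok, missed = check_redirect(SAMPLE, "02:00:00:00:00:AA")
    for frame in missed:
        print("not sent to proxy:", frame["ts"], frame["dst_ip"], "via", frame["dst_mac"])
```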
