[squid-users] Transparent Proxy

Jaydeep Kubavat jaykbvt at gmail.com
Wed Apr 8 11:50:17 UTC 2015


Hi,

As suggested by Amos, I've configured the squid box with the config
mentioned below.

I followed this doc
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

1. Configured iptables as:

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Table: mangle
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3129

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  10.58.200.33         0.0.0.0/0           tcp dpt:80
2    DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:10.58.200.33:3129

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination


2. squid with http_port 3129 intercept

3. PCAP result

"3","1.539609","10.210.83.247","10.58.200.33","TCP","68","28754→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 WS=256 SACK_PERM=1"

"4","1.539680","10.58.200.33","10.210.83.247","TCP","68","80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"

"19","2.717863","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"

"31","7.613768","10.210.83.247","10.58.200.33","TCP","64","[TCP Spurious Retransmission] 28754→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 SACK_PERM=1"

"32","7.613835","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"

"43","8.917825","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"

"167","20.917840","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"

"485","44.917837","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"

"962","93.117870","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"

-- 
Thanks & Regards
Jaykbvt

On Wed, Apr 8, 2015 at 2:50 PM, Jaydeep Kubavat <jaykbvt at gmail.com> wrote:

> Hi,
>
> I've configured a transparent squid proxy on CentOS 6.6 with a single NIC.
>
> There is Cisco ISG in between with L4 redirection on www traffic.
>
> The requests are coming on port 80 from client and ISG forwards that to
> port 80 on my squid server.
>
> So there is no iptables configured on squid server.
>
> Client requests are not reaching my squid instance.
>
> I'm getting the following in pcap on squid box.
>
> =========================
>
> "129","79.114808","10.210.83.246","10.58.200.33","TCP","76","39546→80 [SYN] Seq=0 Win=14600 Len=0 MSS=1360 SACK_PERM=1 TSval=2686675 TSecr=0 WS=64"
>
> "130","79.114946","10.58.200.33","10.210.83.246","TCP","76","80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509402603 TSecr=2686675 WS=64"
>
> "145","82.115674","10.210.83.246","10.58.200.33","TCP","76","[TCP Spurious Retransmission] 39546→80 [SYN] Seq=0 Win=14600 Len=0 MSS=1360 SACK_PERM=1 TSval=2686976 TSecr=0 WS=64"
>
> "146","82.115748","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509405604 TSecr=2686675 WS=64"
>
> "151","83.113859","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509406603 TSecr=2686675 WS=64"
>
> "165","88.145376","10.210.83.246","10.58.200.33","TCP","76","[TCP Spurious Retransmission] 39546→80 [SYN] Seq=0 Win=14600 Len=0 MSS=1360 SACK_PERM=1 TSval=2687578 TSecr=0 WS=64"
>
> "166","88.145450","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509411634 TSecr=2686675 WS=64"
>
> "176","89.113837","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509412603 TSecr=2686675 WS=64"
>
> "285","101.113833","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509424603 TSecr=2686675 WS=64"
>
> =========================
>
> my squid is configured default, only
>
> http_port 3130
> http_port 80 intercept
>
> are changed.
>
>
>
> --
> Thanks & Regards
> Jaykbvt
>



-- 
Thanks & Regards
Jaykbvt
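
An added example, not part of the original post: a small script that reads a Wireshark CSV export like the captures above and lists the flows where the server sent a SYN-ACK but no client ACK was captured. Rows 3-32 are copied from the post; rows 900-902, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

# Rows 3-32 are copied from the capture in the message above (wrapped lines
# re-joined). Rows 900-902 are constructed: a handshake that completes.
CAPTURE = '''\
"3","1.539609","10.210.83.247","10.58.200.33","TCP","68","28754→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 WS=256 SACK_PERM=1"
"4","1.539680","10.58.200.33","10.210.83.247","TCP","68","80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"
"19","2.717863","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"
"31","7.613768","10.210.83.247","10.58.200.33","TCP","64","[TCP Spurious Retransmission] 28754→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 SACK_PERM=1"
"32","7.613835","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"
"900","95.000000","192.0.2.10","10.58.200.33","TCP","68","40000→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460"
"901","95.000100","10.58.200.33","192.0.2.10","TCP","68","80→40000 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460"
"902","95.020000","192.0.2.10","10.58.200.33","TCP","56","40000→80 [ACK] Seq=1 Ack=1 Win=8192 Len=0"
'''

# "<sport>→<dport> [FLAGS]" as Wireshark prints it in the Info column
INFO_RE = re.compile(r"(\d+)→(\d+) \[([A-Z, ]+)\]")


def summarize_handshakes(text):
    """Count SYN, SYN-ACK and client ACK packets per (client, cport, server, sport)."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 7 or row[4] != "TCP":
            continue
        src, dst, info = row[2], row[3], row[6]
        m = INFO_RE.search(info)
        if not m:
            continue
        sport, dport, flags = m.group(1), m.group(2), set(m.group(3).split(", "))
        if flags == {"SYN"}:
            flows[(src, sport, dst, dport)]["syn"] += 1
        elif flags == {"SYN", "ACK"}:
            flows[(dst, dport, src, sport)]["synack"] += 1  # key by client side
        elif flags == {"ACK"} and (src, sport, dst, dport) in flows:
            flows[(src, sport, dst, dport)]["ack"] += 1
    return flows


def stalled_flows(text):
    """Flows where the server answered but no client ACK was captured."""
    return [k for k, c in summarize_handshakes(text).items()
            if c["synack"] > 0 and c["ack"] == 0]


if __name__ == "__main__":
    for flow in stalled_flows(CAPTURE):
        print("handshake never completed:", flow)
```
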