<div dir="ltr">Hi,<div><br></div><div>As suggested by Amos... I've configured the squid box with the below-mentioned config.</div><div><br></div><div>I followed this doc <a href="http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat">http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat</a></div><div><br></div><div>1. Configured iptables as:</div><div><br></div><div><div>Table: filter</div><div>Chain INPUT (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div><div>Chain FORWARD (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div><div>Table: mangle</div><div>Chain PREROUTING (policy ACCEPT)</div><div>num target prot opt source destination </div><div>1 DROP tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> tcp dpt:3129 </div><div><br></div><div>Chain INPUT (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div><div>Chain FORWARD (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div><div>Chain POSTROUTING (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div><div>Table: nat</div><div>Chain PREROUTING (policy ACCEPT)</div><div>num target prot opt source destination </div><div>1 ACCEPT tcp -- 10.58.200.33 <a href="http://0.0.0.0/0">0.0.0.0/0</a> tcp dpt:80 </div><div>2 DNAT tcp -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> tcp dpt:80 to:<a href="http://10.58.200.33:3129">10.58.200.33:3129</a> </div><div><br></div><div>Chain POSTROUTING (policy ACCEPT)</div><div>num target prot opt source destination </div><div>1 MASQUERADE all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> 
</div><div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>num target prot opt source destination </div><div><br></div></div><div><br></div><div>2. squid with http_port 3129 intercept</div><div><br></div><div>3. PCAP result</div><div><br></div><div><div>"3","1.539609","10.210.83.247","10.58.200.33","TCP","68","28754→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 WS=256 SACK_PERM=1"</div><div><br></div><div>"4","1.539680","10.58.200.33","10.210.83.247","TCP","68","80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"</div><div><br></div><div>"19","2.717863","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"</div><div><br></div><div>"31","7.613768","10.210.83.247","10.58.200.33","TCP","64","[TCP Spurious Retransmission] 28754→80 [SYN] Seq=0 Win=8192 Len=0 MSS=1360 SACK_PERM=1"</div><div><br></div><div>"32","7.613835","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"</div><div><br></div><div>"43","8.917825","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"</div><div><br></div><div>"167","20.917840","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"</div><div><br></div><div>"485","44.917837","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"</div><div><br></div><div>"962","93.117870","10.58.200.33","10.210.83.247","TCP","68","[TCP Retransmission] 80→28754 [SYN, ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=64"</div></div><div><br></div><div><span style="color:rgb(136,136,136)">-- </span><br style="color:rgb(136,136,136)"><div style="color:rgb(136,136,136)">Thanks & Regards<br>Jaykbvt</div></div><div 
class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 8, 2015 at 2:50 PM, Jaydeep Kubavat <span dir="ltr">&lt;<a href="mailto:jaykbvt@gmail.com" target="_blank">jaykbvt@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Hi, <div><br></div><div>I've configured a transparent squid proxy on CentOS 6.6 with a single NIC.</div><div><br clear="all"><div>There is a Cisco ISG in between with L4 redirection on www traffic. </div><div><br></div><div>The requests are coming on port 80 from the client, and the ISG forwards them to port 80 on my squid server.</div><div><br></div><div>So there is no iptables configured on the squid server.</div><div><br></div><div>Client requests are not reaching up to my squid instance. </div><div><br></div><div>I'm getting the following in the pcap on the squid box.</div><div><br></div><div>=========================</div><div><div><br></div><div>"129","79.114808","10.210.83.246","10.58.200.33","TCP","76","39546→80 [SYN] Seq=0 Win=14600 Len=0 MSS=1360 SACK_PERM=1 TSval=2686675 TSecr=0 WS=64"</div><div><br></div><div>"130","79.114946","10.58.200.33","10.210.83.246","TCP","76","80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509402603 TSecr=2686675 WS=64"</div><div><br></div><div>"145","82.115674","10.210.83.246","10.58.200.33","TCP","76","[TCP Spurious Retransmission] 39546→80 [SYN] Seq=0 Win=14600 Len=0 MSS=1360 SACK_PERM=1 TSval=2686976 TSecr=0 WS=64"</div><div><br></div><div>"146","82.115748","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509405604 TSecr=2686675 WS=64"</div><div><br></div><div>"151","83.113859","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509406603 TSecr=2686675 
WS=64"</div><div><br></div><div>"165","88.145376","10.210.83.246","10.58.200.33","TCP","76","[TCP Spurious Retransmission] 39546→80 [SYN] Seq=0 Win=14600 Len=0 MSS=1360 SACK_PERM=1 TSval=2687578 TSecr=0 WS=64"</div><div><br></div><div>"166","88.145450","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509411634 TSecr=2686675 WS=64"</div><div><br></div><div>"176","89.113837","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509412603 TSecr=2686675 WS=64"</div><div><br></div><div>"285","101.113833","10.58.200.33","10.210.83.246","TCP","76","[TCP Retransmission] 80→39546 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=509424603 TSecr=2686675 WS=64"</div><div><br></div></div><div>=========================</div><div><br></div><div>My squid is configured with defaults; only </div><div><br></div><div>http_port 3130</div><div>http_port 80 intercept</div><div><br></div><div>are changed.</div><span class=""><font color="#888888"><div><br></div><div><br></div><div><br></div>-- <br><div>Thanks & Regards<br>Jaykbvt</div>
</font></span></div></div>
</blockquote></div>
</div></div>