<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<meta content="text/html; charset=UTF-8">
<style type="text/css" style="">
<!--
p
{margin-top:0;
margin-bottom:0}
-->
</style>
<div dir="ltr">
<div id="x_divtagdefaultwrapper" dir="ltr" style="font-size:12pt; color:#000000; font-family:Calibri,Arial,Helvetica,sans-serif">
<p>iptables-save: <a href="http://pastebin.com/9JrVANtt" class="x_OWAAutoLink" id="LPlnk344638">http://pastebin.com/9JrVANtt</a></p>
<p><br>
</p>
<p>ipset list : <a href="http://pastebin.com/wtMtzaQe" class="x_OWAAutoLink" id="LPlnk687948">http://pastebin.com/wtMtzaQe</a></p>
<div id="LPBorder_GT_14811268492140.9267172216760915" style="margin-bottom:20px; overflow:auto; width:100%; text-indent:0px">
<table id="LPContainer_14811268492040.34114173119485436" cellspacing="0" style="width:90%; background-color:rgb(255,255,255); overflow:auto; padding-top:20px; padding-bottom:20px; margin-top:20px; border-top:1px dotted rgb(200,200,200); border-bottom:1px dotted rgb(200,200,200)">
<tbody>
<tr valign="top" style="border-spacing:0px">
<td id="x_ImageCell_14811268492070.846121510622611" colspan="1" style="width:250px; display:table-cell; padding-right:20px">
<div id="LPImageContainer_14811268492070.027269185453766553" style="background-color:rgb(255,255,255); height:250px; margin:auto; display:table; width:250px">
<a id="LPImageAnchor_14811268492080.8248985263563928" href="http://pastebin.com/wtMtzaQe" target="_blank" style="display:table-cell; text-align:center"><img id="LPThumbnailImageID_14811268492090.13743645683967776" width="250" height="250" style="display:inline-block; max-width:250px; max-height:250px; height:250px; width:250px; border-width:0px; vertical-align:bottom" src="http://pastebin.com/i/facebook.png"></a></div>
</td>
<td id="x_TextCell_14811268492100.6468196128247519" colspan="2" style="vertical-align:top; padding:0px; display:table-cell">
<div id="LPRemovePreviewContainer_14811268492100.18539709234937485"></div>
<div id="LPTitle_14811268492100.6839019169598597" style="top:0px; color:rgb(0,120,215); font-weight:normal; font-size:21px; font-family:wf_segoe-ui_light,"Segoe UI Light","Segoe WP Light","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif; line-height:21px">
<a id="LPUrlAnchor_14811268492120.06279499131038535" href="http://pastebin.com/wtMtzaQe" target="_blank" style="text-decoration:none">Name: bypascidrspool Type: hash:net Revision: 6 Header: family inet hashsiz - Pastebin.com</a></div>
<div id="LPMetadata_14811268492120.5007831883888387" style="margin:10px 0px 16px; color:rgb(102,102,102); font-weight:normal; font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif; font-size:14px; line-height:14px">
pastebin.com</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<div id="LPBorder_GT_14811267926610.6134046981137338" style="margin-bottom:20px; overflow:auto; width:100%; text-indent:0px">
<table id="LPContainer_14811267926510.36318170476931644" cellspacing="0" style="width:90%; background-color:rgb(255,255,255); overflow:auto; padding-top:20px; padding-bottom:20px; margin-top:20px; border-top:1px dotted rgb(200,200,200); border-bottom:1px dotted rgb(200,200,200)">
<tbody>
<tr valign="top" style="border-spacing:0px">
<td id="x_ImageCell_14811267926540.5959797036410626" colspan="1" style="width:250px; display:table-cell; padding-right:20px">
<div id="LPImageContainer_14811267926550.3822289869423843" style="background-color:rgb(255,255,255); height:250px; margin:auto; display:table; width:250px">
<a id="LPImageAnchor_14811267926560.7505990295042242" href="http://pastebin.com/9JrVANtt" target="_blank" style="display:table-cell; text-align:center"><img id="LPThumbnailImageID_14811267926560.2718979240727135" width="250" height="250" style="display:inline-block; max-width:250px; max-height:250px; height:250px; width:250px; border-width:0px; vertical-align:bottom" src="http://pastebin.com/i/facebook.png"></a></div>
</td>
<td id="x_TextCell_14811267926570.8537685068650618" colspan="2" style="vertical-align:top; padding:0px; display:table-cell">
<div id="LPRemovePreviewContainer_14811267926580.8557179446914707"></div>
<div id="LPTitle_14811267926580.4432455953952277" style="top:0px; color:rgb(0,120,215); font-weight:normal; font-size:21px; font-family:wf_segoe-ui_light,"Segoe UI Light","Segoe WP Light","Segoe UI","Segoe WP",Tahoma,Arial,sans-serif; line-height:21px">
<a id="LPUrlAnchor_14811267926590.8493892850777411" href="http://pastebin.com/9JrVANtt" target="_blank" style="text-decoration:none"># Generated by iptables-save v1.6.0 on Wed Dec 7 11:03:51 2016 *mangle :PRERO - Pastebin.com</a></div>
<div id="LPMetadata_14811267926590.016953896883395325" style="margin:10px 0px 16px; color:rgb(102,102,102); font-weight:normal; font-family:wf_segoe-ui_normal,"Segoe UI","Segoe WP",Tahoma,Arial,sans-serif; font-size:14px; line-height:14px">
pastebin.com</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<p><br>
</p>
<div id="x_Signature">
<div id="x_divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<img class="" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:16px; margin:5px; background-color:rgb(255,255,255)" src="https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcQfU2bXCBPGhd5da40t2NysagP5_TdzOv6NOC14r3PXrn5b8k8cog"><span style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:16px; background-color:rgb(255,255,255)"> </span><font color="#008000" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:16px; background-color:rgb(255,255,255)"><em><strong> Piensa
en el medio ambiente antes de imprimir este email.</strong></em></font><br>
</div>
</div>
</div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Eliezer Croitoru <eliezer@ngtech.co.il><br>
<b>Sent:</b> Wednesday, December 7, 2016 10:58:18 AM<br>
<b>To:</b> Sameh Onaissi<br>
<b>Cc:</b> squid-users@lists.squid-cache.org<br>
<b>Subject:</b> RE: [squid-users] Skype for Business behind a transparent squid (TProxy) HTTP/S</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Give us the “iptables-save” output and also “ipset list”.<br>
(or what ever was the command of ipset to dump the content of the list).<br>
After this we can understand what is causing this issue.<br>
<br>
Eliezer<br>
<br>
----<br>
<a href="http://ngtech.co.il/lmgtfy/">http://ngtech.co.il/lmgtfy/</a><br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: eliezer@ngtech.co.il<br>
<br>
<br>
From: Sameh Onaissi [<a href="mailto:sameh.onaissi@solcv.com">mailto:sameh.onaissi@solcv.com</a>]
<br>
Sent: Wednesday, December 7, 2016 5:23 PM<br>
To: Eliezer Croitoru <eliezer@ngtech.co.il><br>
Cc: squid-users@lists.squid-cache.org<br>
Subject: Re: [squid-users] Skype for Business behind a transparent squid<br>
(TProxy) HTTP/S<br>
<br>
Still not working and I do not know what to do next. <br>
<br>
access.log shows IPs and domains that are supposed to be bypassed already.<br>
<br>
Any further instructions are hugely appreciated.<br>
<br>
<br>
<br>
Piensa en el medio ambiente antes de imprimir este email. <br>
<br>
On Dec 7, 2016, at 9:50 AM, Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
wrote:<br>
<br>
Was there any progress with the script and the issues?<br>
<br>
Eliezer<br>
<br>
----<br>
<a href="http://ngtech.co.il/lmgtfy/">http://ngtech.co.il/lmgtfy/</a><br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: <a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a><br>
<br>
<br>
From: Sameh Onaissi [<a href="mailto:sameh.onaissi@solcv.com">mailto:sameh.onaissi@solcv.com</a>]
<br>
Sent: Wednesday, December 7, 2016 12:36 AM<br>
To: Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
Cc: 'Amos Jeffries' <<a href="mailto:squid3@treenet.co.nz">mailto:squid3@treenet.co.nz</a>>;<br>
<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a><br>
Subject: Re: [squid-users] Skype for Business behind a transparent squid<br>
(TProxy) HTTP/S<br>
<br>
<br>
Hello Eliezer and thanks again.<br>
<br>
I ran the script with the tproxy argument.<br>
<br>
Tried to reconnect skype for business... <br>
<br>
After about a 3 min wait, a pop up saying "Skype for Business couldn't find<br>
a skype for business server" and access log shows: <br>
<br>
1481061269.006 400 10.0.0.38 TCP_MISS/200 1068 GET<br>
<a href="http://lyncdiscover.solcv.com/?">http://lyncdiscover.solcv.com/?</a> - ORIGINAL_DST/132.245.1.28<br>
application/vnd.microsoft.rtc.autodiscover+xml<br>
1481061269.270 667 10.0.0.38 TAG_NONE/200 0 CONNECT 132.245.1.28:443 -<br>
HIER_NONE/- -<br>
1481061269.270 665 10.0.0.38 TCP_TUNNEL/200 5568 CONNECT<br>
lyncdiscover.solcv.com:443 - ORIGINAL_DST/132.245.1.28 -<br>
1481061269.770 596 10.0.0.38 TAG_NONE/200 0 CONNECT 52.112.64.14:443 -<br>
HIER_NONE/- -<br>
1481061269.770 594 10.0.0.38 TCP_TUNNEL/200 6981 CONNECT<br>
webdir0a.online.lync.com:443 - ORIGINAL_DST/52.112.64.14 -<br>
1481061270.679 897 10.0.0.38 TAG_NONE/200 0 CONNECT 52.112.64.14:443 -<br>
HIER_NONE/- -<br>
1481061270.679 895 10.0.0.38 TCP_TUNNEL/200 7733 CONNECT<br>
webdir0a.online.lync.com:443 - ORIGINAL_DST/52.112.64.14 -<br>
1481061272.178 841 10.0.0.38 TAG_NONE/200 0 CONNECT 23.100.120.65:443 -<br>
HIER_NONE/- -<br>
1481061272.178 840 10.0.0.38 TCP_TUNNEL/200 20539 CONNECT<br>
login.microsoftonline.com:443 - ORIGINAL_DST/23.100.120.65 -<br>
1481061273.713 641 10.0.0.38 TAG_NONE/200 0 CONNECT 52.112.64.14:443 -<br>
HIER_NONE/- -<br>
1481061273.713 640 10.0.0.38 TCP_TUNNEL/200 8037 CONNECT<br>
webdir0a.online.lync.com:443 - ORIGINAL_DST/52.112.64.14 -<br>
1481061273.751 3054 10.0.0.38 TAG_NONE/200 0 CONNECT 52.112.64.14:443 -<br>
HIER_NONE/- -<br>
1481061273.751 3052 10.0.0.38 TCP_TUNNEL/200 24458 CONNECT<br>
webdir0a.online.lync.com:443 - ORIGINAL_DST/52.112.64.14 -<br>
1481061273.751 1544 10.0.0.38 TAG_NONE/200 0 CONNECT 52.112.64.14:443 -<br>
HIER_NONE/- -<br>
1481061273.751 1543 10.0.0.38 TCP_TUNNEL/200 11653 CONNECT<br>
webdir0a.online.lync.com:443 - ORIGINAL_DST/52.112.64.14 -<br>
<br>
<br>
so I added more ip ranges to the cidr-to-bypass.txt and ran the script again<br>
<br>
<br>
1481063243.370 371 10.0.0.38 TCP_MISS/200 1068 GET<br>
<a href="http://lyncdiscover.solcv.com/?">http://lyncdiscover.solcv.com/?</a> - ORIGINAL_DST/134.170.113.210<br>
application/vnd.microsoft.rtc.autodiscover+xml<br>
1481063278.271 74233 10.0.0.38 TAG_NONE/200 0 CONNECT 104.208.31.113:443 -<br>
HIER_NONE/- -<br>
1481063278.271 74231 10.0.0.38 TCP_TUNNEL/200 6746 CONNECT<br>
pipe.skype.com:443 - ORIGINAL_DST/104.208.31.113 -<br>
1481063344.143 60720 10.0.0.38 TAG_NONE/200 0 CONNECT 104.208.31.113:443 -<br>
HIER_NONE/- -<br>
1481063344.143 60719 10.0.0.38 TCP_TUNNEL/200 6389 CONNECT<br>
pipe.skype.com:443 - ORIGINAL_DST/104.208.31.113 -<br>
<br>
a new set showed up...<br>
<br>
what more can we do?<br>
<br>
keep adding ip ranges?<br>
<br>
thanks<br>
<br>
Piensa en el medio ambiente antes de imprimir este email.<br>
________________________________________<br>
From: Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
Sent: Tuesday, December 6, 2016 4:36:56 PM<br>
To: Sameh Onaissi<br>
Cc: 'Amos Jeffries'; <a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a><br>
Subject: RE: [squid-users] Skype for Business behind a transparent squid<br>
(TProxy) HTTP/S <br>
<br>
Try the next script:<br>
<a href="https://gist.github.com/elico/a54c2c8f8e1a2407b42210896b960f4b">https://gist.github.com/elico/a54c2c8f8e1a2407b42210896b960f4b</a>
<br>
<a href="https://gist.github.com/elico/a54c2c8f8e1a2407b42210896b960f4b">https://gist.github.com/elico/a54c2c8f8e1a2407b42210896b960f4b</a><br>
<a href="https://gist.github.com/elico/a54c2c8f8e1a2407b42210896b960f4b">https://gist.github.com/elico/a54c2c8f8e1a2407b42210896b960f4b</a><br>
gist.github.com<br>
bypass squid interception for skype<br>
<br>
<br>
<br>
It has two modes: regular and tproxy.<br>
In your case you should run the script with:<br>
$ bypass-skype-cidr.sh tproxy<br>
<br>
The tproxy flag should do the trick for you.<br>
<br>
Let me know if it works for you.<br>
<br>
Eliezer<br>
<br>
----<br>
<a href="http://ngtech.co.il/lmgtfy/">http://ngtech.co.il/lmgtfy/</a><br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: <a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a><br>
<br>
<br>
From: Sameh Onaissi [<a href="mailto:sameh.onaissi@solcv.com">mailto:sameh.onaissi@solcv.com</a>]
<br>
Sent: Tuesday, December 6, 2016 9:24 PM<br>
To: Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
Cc: Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">mailto:squid3@treenet.co.nz</a>>;<br>
<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a><br>
Subject: Re: [squid-users] Skype for Business behind a transparent squid<br>
(TProxy) HTTP/S<br>
<br>
Yes please, I would appreciate help with that script. <br>
<br>
As I aforementioned, totally new to all this<br>
<br>
<br>
<br>
Piensa en el medio ambiente antes de imprimir este email. <br>
<br>
On Dec 6, 2016, at 1:27 PM, Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
wrote:<br>
<br>
Now you can enhance the script by adding manually the ntop skype related<br>
networks based on:<br>
<a href="https://github.com/ntop/nDPI/blob/d9a2d9a6bd4d476d666d26cb713952760a975d92/s">https://github.com/ntop/nDPI/blob/d9a2d9a6bd4d476d666d26cb713952760a975d92/s</a><br>
rc/lib/ndpi_content_match.c.inc#L286<br>
<br>
/*<br>
Skype (Microsoft CDN)<br>
157.56.135.64/26, 157.56.185.0/26, 157.56.52.0/26,<br>
157.56.53.128/25, 157.56.198.0/26<br>
157.60.0.0/16, 157.54.0.0/15 <br>
13.107.3.128/32<br>
13.107.3.129/32<br>
111.221.64.0 - 111.221.127.255<br>
91.190.216.0/21 (AS198015 Skype Communications Sarl)<br>
91.190.218.0/24<br>
40.126.129.109/32<br>
65.55.223.0/26<br>
*/<br>
<br>
If you need help scripting this let me know.<br>
<br>
Eliezer<br>
<br>
----<br>
<a href="http://ngtech.co.il/lmgtfy/">http://ngtech.co.il/lmgtfy/</a><br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: <a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a><br>
<br>
<br>
From: Sameh Onaissi [<a href="mailto:sameh.onaissi@solcv.com">mailto:sameh.onaissi@solcv.com</a>]
<br>
Sent: Tuesday, December 6, 2016 7:29 PM<br>
To: Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
Cc: Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">mailto:squid3@treenet.co.nz</a>>;<br>
<a href="mailto:squid-users@lists.squid-cache.org">mailto:squid-users@lists.squid-cache.org</a><br>
Subject: Re: [squid-users] Skype for Business behind a transparent squid<br>
(TProxy) HTTP/S<br>
<br>
Hello, <br>
<br>
OK, I added the ssl_bump slice on the skype domains text file<br>
I installed ipset and ran the script.<br>
<br>
Now access.log has much less skype related logs:<br>
<br>
What is left is:<br>
1481044996.398 3412 10.0.0.11 TAG_NONE/200 0 CONNECT 132.245.1.32:443 -<br>
ORIGINAL_DST/132.245.1.32 -<br>
1481044996.423 0 10.0.0.11 TAG_NONE/400 3998 REGISTER<br>
sip:solcv.comSIP/2.0 - HIER_NONE/- text/html<br>
1481045000.296 372 10.0.0.11 TAG_NONE/200 0 CONNECT 134.170.113.207:443 -<br>
ORIGINAL_DST/134.170.113.207 -<br>
1481045000.325 0 10.0.0.11 TAG_NONE/400 3998 REGISTER<br>
sip:solcv.comSIP/2.0 - HIER_NONE/- text/html<br>
1481045008.685 4259 10.0.0.11 TAG_NONE/200 0 CONNECT 134.170.113.207:443 -<br>
ORIGINAL_DST/134.170.113.207 -<br>
1481045008.726 0 10.0.0.11 TAG_NONE/400 3998 REGISTER<br>
sip:solcv.comSIP/2.0 - HIER_NONE/- text/html<br>
<br>
<br>
although <a href="http://solve.com">http://solve.com</a> is in the text file.<br>
<br>
I ran whois on the first IP and got:<br>
<br>
NetRange: 132.245.0.0 - 132.245.255.255<br>
CIDR: 132.245.0.0/16<br>
NetName: MICROSOFT<br>
<br>
<br>
Same with the 134.170. address. Can we slice that range?<br>
<br>
<br>
<br>
<br>
<br>
Sameh Onaissi<br>
Ingeniero de Soporte<br>
Sol Cable Visión<br>
Cel: 316-3023424<br>
Email: <a href="mailto:sameh.onaissi@solcv.com">mailto:sameh.onaissi@solcv.com</a><br>
<br>
<br>
<br>
Piensa en el medio ambiente antes de imprimir este email. <br>
<br>
On Dec 6, 2016, at 12:11 PM, Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
wrote:<br>
<br>
Hey,<br>
<br>
Depends on your OS you will need to installthe ipset package.<br>
Try to run "apt-get install ipset".<br>
And then run the script.<br>
<br>
Eliezer<br>
<br>
----<br>
<a href="http://ngtech.co.il/lmgtfy/">http://ngtech.co.il/lmgtfy/</a><br>
Linux System Administrator<br>
Mobile: +972-5-28704261<br>
Email: <a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a><br>
<Untitled Attachment 1.jpg><br>
<br>
From: Sameh Onaissi [<a href="mailto:sameh.onaissi@solcv.com">mailto:sameh.onaissi@solcv.com</a>]
<br>
Sent: Tuesday, December 6, 2016 5:23 PM<br>
To: Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">mailto:squid3@treenet.co.nz</a>><br>
Cc: Eliezer Croitoru <<a href="mailto:eliezer@ngtech.co.il">mailto:eliezer@ngtech.co.il</a>><br>
Subject: Re: [squid-users] Skype for Business behind a transparent squid<br>
(TProxy) HTTP/S<br>
<br>
Amos, thanks for the reply. <br>
<br>
<br>
This is getting more confusing.<br>
<br>
I changed the script to: <a href="http://pastebin.com/jLgywstg">http://pastebin.com/jLgywstg</a><br>
<br>
And I ran it, but I am getting errors:<br>
<br>
sudo sh <a href="http://bypass.sh/">http://bypass.sh/</a> + iptables -t mangle -L PREROUTING + grep<br>
bypasspool + [ 1 -ne 0 ] + iptables -t mangle -I PREROUTING -m set<br>
--match-set bypasspool dst,src -j DIVERT iptables <a href="http://v1.6.0/">http://v1.6.0/</a> Set<br>
bypasspool doesn't exist. Try `iptables -h' or 'iptables --help' for more<br>
information. + ipset create bypasspool hash:ip <a href="http://bypass.sh/">http://bypass.sh/</a> 10:<br>
<a href="http://bypass.sh/">http://bypass.sh/</a> ipset: not found + read item +<br>
echohttp://lyncdiscover.solcv.com/ <a href="http://lyncdiscover.solcv.com/">http://lyncdiscover.solcv.com/</a> + host -4<br>
<a href="http://lyncdiscover.solcv.com/">http://lyncdiscover.solcv.com/</a> + grep has address + awk {print $4} + xargs<br>
-l1 ipset add bypasspool xargs: ipset: No such file or directory + read item<br>
+ echo <a href="http://webdir0a.online.lync.com/http://webdir0a.online.lync.com/">
http://webdir0a.online.lync.com/http://webdir0a.online.lync.com/</a> +<br>
host -4 <a href="http://webdir0a.online.lync.com/">http://webdir0a.online.lync.com/</a> + grep has address + awk {print $4}<br>
+ xargs -l1 ipset add bypasspool xargs: ipset: No such file or directory<br>
<br>
. this goes on the same for all the domains in the text file<br>
<br>
My iptables is still <<a href="http://pastebin.com/SqpbmYQQ">http://pastebin.com/SqpbmYQQ</a>><br>
<br>
I did not quite understand what you meant by <br>
You should test whether -m set or -m socket work faster and put that one<br>
first. My change above places it at line 2 (after -m socket) assuming<br>
your iptables script is still <<a href="http://pastebin.com/SqpbmYQQ">http://pastebin.com/SqpbmYQQ</a>><br>
<br>
should I incorporate the bypass script into my iptables.sh script? run<br>
iptables first then bypass?<br>
<br>
<br>
<br>
On a side note, would adding ssl_bump exceptions to squid.conf do it?<br>
Something like: <br>
<br>
acl skype_domains <path to file><br>
ssl_bump splice skype_domains<br>
ssl_bump bump all<br>
<br>
<br>
<br>
Again, thanks again for your help.<br>
<br>
<br>
<br>
<Untitled Attachment 2.jpg> Piensa en el medio ambiente antes de imprimir<br>
este email.<br>
<br>
On Dec 6, 2016, at 9:50 AM, Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">mailto:squid3@treenet.co.nz</a>><br>
wrote:<br>
<br>
On 7/12/2016 3:19 a.m., Sameh Onaissi wrote:<br>
Hello,<br>
<br>
I tried doing the changes to nat/REDIRECT in iptables.sh and I must have<br>
messed up somewhere, so I am sticking with mangle/tproxy for now since squid<br>
is working with them.<br>
<br>
How can I change Eliezer's script to mangle/tproxy?<br>
<a href="https://gist.github.com/elico/e0faadf0cc63942c5aaade808a87deef">https://gist.github.com/elico/e0faadf0cc63942c5aaade808a87deef</a><br>
<br>
Excuse my novice knowledge in iptables.<br>
<br>
No worries.<br>
<br>
You need to change where iptables attaches the 'bypasspool'. Both the<br>
table/location (-t) and the jump/action (-j).<br>
<br>
iptables -t mangle -L PREROUTING |grep bypasspool<br>
if [ "$?" -ne "0" ];then<br>
<br>
iptables -t mangle -I 2 PREROUTING \<br>
-m set --match-set bypasspool dst,src \<br>
-j DIVERT<br>
<br>
fi<br>
<br>
You should test whether -m set or -m socket work faster and put that one<br>
first. My change above places it at line 2 (after -m socket) assuming<br>
your iptables script is still <<a href="http://pastebin.com/SqpbmYQQ">http://pastebin.com/SqpbmYQQ</a>><br>
<br>
(Your script should do that line adding, not Eliezers - so that you can<br>
be sure the order is always correct).<br>
<br>
<br>
BTW: you should use iptables-save / iptables-restore instead of a slow<br>
script calling iptables "manually". Those other tools will ensure there<br>
are no gaps in the firewall initialization for nasty traffic to sneak<br>
through.<br>
<br>
I am looking at access.log to collect all domains I see heading to skype for<br>
business, as well as IPs. My question is, can I add the domains AND IPs into<br>
the domains-to-bypass.txt that the above script uses?<br>
<br>
IIRC you should be able to use domain as the parameter to ipset. But it<br>
will resolve the domain immediately and only add those IPs that it finds<br>
at that time into the pool. Any future changes, or a hidden set of IPs<br>
that rotate in/out will not be listed.<br>
<br>
Amos<br>
<br>
<br>
<br>
<br>
<br>
<br>
</div>
</span></font>
</body>
</html>