[squid-users] Fwd: squid intercept config
Monah Baki
monahbaki at gmail.com
Sat Mar 7 01:11:14 UTC 2015
Windows Client - 10.0.0.23 MAC (9d:3a:96)
root at ISN-PHC-CACHE:/home/support # arp -a
(10.0.0.9) at 00:00:0c:07:ac:01 on bge0 THIS IS THE PHYSICAL INTERFACE ON THE ROUTER
(10.0.0.10) at 88:5a:92:63:77:81 on bge0 THIS IS THE GATEWAY IP ON THE DESKTOP AND SQUID SERVER
(10.0.0.24) at a0:d3:c1:06:a5:c4 on bge0 THIS IS THE SQUID SERVER
User was trying to access www.espn.com
Frames 8 and 9 are where I get my access denied.
No. Time Source Destination Protocol Length Info
7 0.508041 68.71.212.158 10.0.0.23 TCP 3902 80→42794 [PSH, ACK] Seq=412 Ack=401 Win=65664 Len=1460
Frame 7: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Mar 6, 2015 09:41:41.453922000 Eastern Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1425652901.453922000 seconds
[Time delta from previous captured frame: 0.000118000 seconds]
[Time delta from previous displayed frame: 0.000118000 seconds]
[Time since reference or first frame: 0.508041000 seconds]
Frame Number: 7
Frame Length: 3902 bytes (31216 bits)
Capture Length: 1500 bytes (12000 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp:http]
[Coloring Rule Name: HTTP]
[Coloring Rule String: http || tcp.port == 80 || http2]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst:
CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst:
10.0.0.23 (10.0.0.23)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00:
Not-ECT (Not ECN-Capable Transport))
Total Length: 1500
Identification: 0x2222 (8738)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x0000 [validation disabled]
Source: 68.71.212.158 (68.71.212.158)
Destination: 10.0.0.23 (10.0.0.23)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794),
Seq: 412, Ack: 401, Len: 1460
No. Time Source Destination Protocol Length Info
8 0.508073 68.71.212.158 10.0.0.23 TCP 170 [TCP Previous segment not captured] [TCP segment of a reassembled PDU]
Frame 8: 170 bytes on wire (1360 bits), 170 bytes captured (1360 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Mar 6, 2015 09:41:41.453954000 Eastern Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1425652901.453954000 seconds
[Time delta from previous captured frame: 0.000032000 seconds]
[Time delta from previous displayed frame: 0.000032000 seconds]
[Time since reference or first frame: 0.508073000 seconds]
Frame Number: 8
Frame Length: 170 bytes (1360 bits)
Capture Length: 170 bytes (1360 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags &&
!tcp.analysis.window_update]
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst:
CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
Destination: CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
Source: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst:
10.0.0.23 (10.0.0.23)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00:
Not-ECT (Not ECN-Capable Transport))
Total Length: 156
Identification: 0x2223 (8739)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 64
Protocol: TCP (6)
Header checksum: 0x0000 [validation disabled]
Source: 68.71.212.158 (68.71.212.158)
Destination: 10.0.0.23 (10.0.0.23)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 80 (80), Dst Port: 42794 (42794),
Seq: 4260, Ack: 401, Len: 116
No. Time Source Destination Protocol Length Info
9 0.508835 10.0.0.23 68.71.212.158 TCP 60 [TCP ACKed unseen segment] 42794→80 [ACK] Seq=401 Ack=3332 Win=65536 Len=0
Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Mar 6, 2015 09:41:41.454716000 Eastern Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1425652901.454716000 seconds
[Time delta from previous captured frame: 0.000762000 seconds]
[Time delta from previous displayed frame: 0.000762000 seconds]
[Time since reference or first frame: 0.508835000 seconds]
Frame Number: 9
Frame Length: 60 bytes (480 bits)
Capture Length: 60 bytes (480 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: Bad TCP]
[Coloring Rule String: tcp.analysis.flags &&
!tcp.analysis.window_update]
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst:
HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Destination: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Source: Cisco_63:77:81 (88:5a:92:63:77:81)
Type: IP (0x0800)
Padding: aaaa0000aaaa
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158
(68.71.212.158)
Version: 4
Header Length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00:
Not-ECT (Not ECN-Capable Transport))
Total Length: 40
Identification: 0x572a (22314)
Flags: 0x02 (Don't Fragment)
Fragment offset: 0
Time to live: 127
Protocol: TCP (6)
Header checksum: 0x81a9 [validation disabled]
Source: 10.0.0.23 (10.0.0.23)
Destination: 68.71.212.158 (68.71.212.158)
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
Transmission Control Protocol, Src Port: 42794 (42794), Dst Port: 80 (80),
Seq: 401, Ack: 3332, Len: 0
On Fri, Mar 6, 2015 at 8:57 AM, Antony Stone <
Antony.Stone at squid.open.source.it> wrote:
> On Friday 06 March 2015 at 14:50:50 (EU time), Monah Baki wrote:
>
> > http://wiki.squid-cache.org/ConfigExamples/Intercept/FreeBsdPf
> >
> > So something else is missing?
>
> Can you run a packet sniffer on the proxy, to see what packets come in (noting
> the MAC address of the previous hop), what packets go out (to what
> address/es), and whether they then seem to come back in again (and if so, from
> which MAC address)?
>
> That might give you a clue as to where the forwarding loop is being created.
>
>
> Regards,
>
>
> Antony.
>
> --
> How I want a drink, alcoholic of course, after the heavy chapters involving
> quantum mechanics.
>
> - mnemonic for 3.14159265358979
>
> Please reply to the list; please *don't* CC me.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
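The previous-hop check suggested in the quoted reply can be scripted over a Wireshark text export like the one in this message. The following is an added example, not part of the original thread: frames 7 and 9 are trimmed from the capture above, frame 100 is constructed, and treating "a packet sourced from the proxy's own IP arriving back at the proxy's MAC" as the loop signature is an assumption of the example.

```python
import re

# MAC -> role, taken from the arp -a output and frame headers in the message.
HOSTS = {
    "00:00:0c:07:ac:01": "router",
    "88:5a:92:63:77:81": "gateway",
    "a0:d3:c1:06:a5:c4": "squid",
    "20:89:84:9d:3a:96": "client",
}
PROXY_MAC, PROXY_IP = "a0:d3:c1:06:a5:c4", "10.0.0.24"

# Frames 7 and 9, trimmed from the capture in the message (mail line wraps kept).
PAGE_FRAMES = """Frame 7: 3902 bytes on wire (31216 bits), 1500 bytes captured (12000 bits)
Ethernet II, Src: HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4), Dst:
CompalIn_9d:3a:96 (20:89:84:9d:3a:96)
Internet Protocol Version 4, Src: 68.71.212.158 (68.71.212.158), Dst:
10.0.0.23 (10.0.0.23)
Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst:
HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Internet Protocol Version 4, Src: 10.0.0.23 (10.0.0.23), Dst: 68.71.212.158
(68.71.212.158)
"""
# Constructed frame (not from the capture): the proxy's own request coming back in.
CONSTRUCTED_FRAME = """Frame 100: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Ethernet II, Src: Cisco_63:77:81 (88:5a:92:63:77:81), Dst:
HewlettP_06:a5:c4 (a0:d3:c1:06:a5:c4)
Internet Protocol Version 4, Src: 10.0.0.24 (10.0.0.24), Dst: 68.71.212.158
(68.71.212.158)
"""
CAPTURE = PAGE_FRAMES + CONSTRUCTED_FRAME

FRAME_RE = re.compile(
    r"Frame (\d+):.*?Ethernet II, Src: \S+ \(([0-9a-f:]{17})\), "
    r"Dst: \S+ \(([0-9a-f:]{17})\)"
    r".*?Internet Protocol Version 4, Src: ([\d.]+) \S+ Dst: ([\d.]+)")

def parse_frames(text):
    """Undo the mail client's line wrapping, then pull MAC and IP pairs per frame."""
    flat = " ".join(text.split())
    keys = ("no", "eth_src", "eth_dst", "ip_src", "ip_dst")
    return [dict(zip(keys, (int(m[1]), m[2], m[3], m[4], m[5])))
            for m in FRAME_RE.finditer(flat)]

def hops(frame):
    """(previous hop, next hop) as seen on the wire, by MAC rather than by IP."""
    return (HOSTS.get(frame["eth_src"], "unknown"),
            HOSTS.get(frame["eth_dst"], "unknown"))

def looped(frames):
    """Frame numbers where traffic sourced from the proxy's IP arrives at the proxy."""
    return [f["no"] for f in frames
            if f["eth_dst"] == PROXY_MAC and f["ip_src"] == PROXY_IP]
```

Run against the frames from the message alone, `looped` returns an empty list; only the constructed frame 100 is flagged.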