On Sun, 9 Aug 2009 10:58:23 -0300, Carlos Botejara <cbotejara_at_gmail.com>
wrote:
> hi, this is my first post here.
> I have a problem, but first I describe the scenario
> I have clients with public IP
> Mikrotik router redirecting traffic to SQUID
> Squid 3.1 with support for TPROXY
> Iptables 1.4.4 with support for TPROXY
> Debian Lenny / Kernel 2.6.28 with support for TPROXY
>
> well.
> The proxy works as well, and when I made some test pages whatismyip,
> shows that the ip is the CLIENT.
> However. I can not get my clients with public IP address
> simultaneously downloading from RapidShare / Megaupload ETC. The error
> shown within these pages is the typical already are downloading from
> that ip, so if viewing RapidShare IP SQUID in reality and not the
> client. How fix this?
>
> the configuration file of squid in the harbor is well
>
> http_port 81 tproxy
>
> Iptables:
>
> iptables -t mangle -N DIVERT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> iptables -t mangle -A PREROUTING -p tcp --dport 3128 -j TPROXY
> --tproxy-mark 0x1/0x1 --on-port 81
You have this rule ass-backwards.
TPROXY is intended to intercept port 80 traffic, not port 3128 traffic.
When the client is NOT configured to use the proxy. The HTTP request
formats are noticeably different. It's trivially easy to detect those
differences and probably what rapidshare is doing.
Please go back and use the http://wiki.squid-cache.org/Features/Tproxy4
documentation and configuration example.
>
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
>
> Mikrotik:
> Have a rule in the firewall to redirect all traffic to port 80 of the
> SQUID to the IP, port 3128
>
> All clients create sessions PPPOE in Router Mikrotik
>
> May help?
>
> Regards
Amos
Received on Sun Aug 09 2009 - 23:13:54 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 11 2009 - 12:00:02 MDT