a guest
Jul 7th, 2014
Hi,

I configured Squid in TPROXY mode and mangled the requests. Now I am
able to see my client's public address, but I'm unable to see any
request in the Squid access log.
It seems the request is not forwarded to Squid, or something spoofy.

My iptables rules:

-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 4xx5 --on-ip 10.x.x.x --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT

Squid Cache: Version 3.1.10
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--includedir=/usr/include'
'--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
'--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
'--infodir=/usr/share/info' '--enable-internal-dns'
'--disable-strict-error-checking' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-arp-acl'
'--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
'--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
'--enable-digest-auth-helpers=password,ldap,eDirectory'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter'
'--enable-referer-log' '--enable-removal-policies=heap,lru'
'--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs'
'--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio'
'--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl'
'--with-openssl' '--with-pthreads'
'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie'
'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
--with-squid=/builddir/build/BUILD/squid-3.1.10

sysctl:

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1

setsebool squid_connect_any=yes
setsebool squid_use_tproxy=yes

Could anybody help with this?