Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Hi,
- I configured Squid in Tproxy mode and Mangled the request, Now i am
- able to see my client public address, but i'm unable to see any
- request on squid access log.
- seems the request is not forwarded to squid or some thing spoofy..
- My iptables rules
- -A PREROUTING -p tcp -m socket -j DIVERT
- -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 4xx5
- --on-ip 10.x.x.x --tproxy-mark 0x1/0x1
- -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
- -A DIVERT -j ACCEPT
- Squid Cache: Version 3.1.10
- configure options: '--build=x86_64-redhat-linux-gnu'
- '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
- '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
- '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
- '--datadir=/usr/share' '--includedir=/usr/include'
- '--libdir=/usr/lib64' '--libexecdir=/usr/libexec'
- '--sharedstatedir=/var/lib' '--mandir=/usr/share/man'
- '--infodir=/usr/share/info' '--enable-internal-dns'
- '--disable-strict-error-checking' '--exec_prefix=/usr'
- '--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
- '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
- '--with-logdir=$(localstatedir)/log/squid'
- '--with-pidfile=$(localstatedir)/run/squid.pid'
- '--disable-dependency-tracking' '--enable-arp-acl'
- '--enable-follow-x-forwarded-for'
- '--enable-auth=basic,digest,ntlm,negotiate'
- '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
- '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
- '--enable-digest-auth-helpers=password,ldap,eDirectory'
- '--enable-negotiate-auth-helpers=squid_kerb_auth'
- '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
- '--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
- '--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
- '--enable-ident-lookups' '--enable-linux-netfilter'
- '--enable-referer-log' '--enable-removal-policies=heap,lru'
- '--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs'
- '--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio'
- '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl'
- '--with-openssl' '--with-pthreads'
- 'build_alias=x86_64-redhat-linux-gnu'
- 'host_alias=x86_64-redhat-linux-gnu'
- 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall
- -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
- --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie'
- 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
- -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
- --with-squid=/builddir/build/BUILD/squid-3.1.10
- sysctl ::
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.eth0.rp_filter = 0
- net.ipv4.conf.default.accept_source_route = 0
- kernel.sysrq = 0
- kernel.core_uses_pid = 1
- net.ipv4.tcp_syncookies = 1
- setsebool squid_connect_any=yes
- setsebool squid_use_tproxy=yes
- Could anybody help on this.?
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement