Hi,
Here is my situation :
* CentOS 5.2 ( my own built kernel 2.6.25.11-TProxy-ReiserFS with this
patch : http://www.balabit.com/ downloads/files/tproxy/tproxy-
kernel-2.6.25-20080519-165031- 1211208631.tar.bz2)
* iptables v1.4.3-rc1( ftp://ftp.netfilter.org/pub/
iptables/snapshot/iptables- 20090206.tar.bz2 )
* squid 3.1.0.5 RC ( http://www.squid-cache.org/
Versions/v3/3.1/squid-3.1.0.5. tar.bz2 ) and compiled with these options :
"'--enable-poll' '--enable-storeio=aufs,diskd, ufs' '--with-pthreads'
'--enable-removal-policies= heap,lru' '--enable-
linux-netfilter' '--enable-useragent-log' '--enable-referer-log'
'--enable-underscores' '--disable-dependency- tracking'
'--disable-ident-lookups' '--with-large-files' '--enable-follow-x-forwarded-
for'
'--enable-cache-digests' '--enable-delay-pools' '--enable-truncate'
'--prefix=/usr' '--localstatedir=/var' '--sysconfdir=/etc/squid'
'--with-logdir=/var/log/squid' '--enable-wccpv2' '--enable-wccp'
'--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--with-filedescriptors=8192' --with-squid=/usr/src/squid-3. 1.0.5
--enable-ltdl-convenience\"
* with following iptables rules :
[r...@cache1 squid-3.1.0.5]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: mangle
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
1 DIVERT tcp -- 0.0.0.0/0 0.0.0.0/0 socket
2 TPROXY tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
TPROXY redirect 0.0.0.0:3129 mark 0x1/0x1
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Chain DIVERT (1 references)
num target prot opt source destination
1 MARK all -- 0.0.0.0/0 0.0.0.0/0 MARK xset
0x1/0xffffffff
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
[r...@cache1 squid-3.1.0.5]#
* With following iproute2 rules : [r...@cache1 squid-3.1.0.5]# ip ru list
0: from all lookup 255
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main
32767: from all lookup default
[r...@cache1 squid-3.1.0.5]# ip ro list table 100
local default dev lo scope host
[r...@cache1 squid-3.1.0.5]#
* with following http_port line in squid : http_port 3129 tproxyeverything
seems to be working and squid run with these messages in cache.log :
2009/02/07 22:22:43| Accepting spoofing HTTP connections at 0.0.0.0:3129, FD
16.
my
requests seems to be redirected to port 3129 as I expected and the
pages are loading propertly. But the problem is that when I go to site
http://myipaddress.co.uk/ it gives me the cache ip address instead of my own
client ip address. here is the tethereal output for one of my requests :
[r...@cache1 ~]# tethereal host 213.171.218.15 -n
Running as user "root" and group "root". This could be dangerous.
Capturing on eth1
0.000000 85.247.162.18 -> 213.171.218.15 HTTP GET / HTTP/1.1
0.000004 213.171.218.15 -> 85.247.162.18 TCP 80 > 39571 [ACK] Seq=1 Ack=386
Win=62 Len=0 TSV=11294071 TSER=2135261
0.000006 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [SYN] Seq=0 Win=5840
Len=0 MSS=1460 TSV=11294071 TSER=0 WS=7
0.199523 213.171.218.15 -> 85.247.162.2 TCP 80 > 35330 [SYN, ACK] Seq=0 Ack=1
Win=16384 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
0.199533 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=1 Ack=1
Win=5888 Len=0 TSV=11294268 TSER=0
0.199603 85.247.162.2 -> 213.171.218.15 HTTP GET / HTTP/1.0
0.504191 213.171.218.15 -> 85.247.162.2 TCP [TCP segment of a reassembled PDU]
0.504199 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=451 Ack=1449
Win=8832 Len=0 TSV=11294570 TSER=52303830
0.504241 213.171.218.15 -> 85.247.162.2 HTTP HTTP/1.1 200 OK (text/html)
0.504246 85.247.162.2 -> 213.171.218.15 TCP 35330 > 80 [ACK] Seq=451 Ack=2083
Win=11648 Len=0 TSV=11294570 TSER=52303830
0.504359 213.171.218.15 -> 85.247.162.18 HTTP HTTP/1.0 200 OK (text/html)
0.504364 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP traffic
0.504402 213.171.218.15 -> 85.247.162.18 HTTP Continuation or non-HTTP traffic
0.514428 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386
Ack=1449 Win=3386 Len=0 TSV=2135390 TSER=11294570
0.514577 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386
Ack=1579 Win=3386 Len=0 TSV=2135390 TSER=11294570
0.517022 85.247.162.18 -> 213.171.218.15 TCP 39571 > 80 [ACK] Seq=386
Ack=2213 Win=4110 Len=0 TSV=2135390 TSER=11294570
Where my client ip address is 85.247.162.18 and my cache server ip
address is 85.247.162.2. This means that the client ip spoofing is not
working with tproxy4. Can any guide me ?
--
Regards
Hamid Hashemi
