[squid-users] client ip's

2008-04-01 Thread Jorge Bastos
Hi,

My squid always reports "localhost" as the client's IP.
What can I do to correct this? It only started to happen with the last 3.0
stable2.


---
1207040749.939    436 localhost TCP_MISS/200 1528 GET http://library.gnome.org/skin/tab_right.png - DIRECT/209.132.176.176 image/png





RE: [squid-users] client ip's

2008-04-01 Thread Jorge Bastos
No, just squid itself.








Re: [squid-users] client ip's

2008-04-01 Thread Henrik Nordstrom

tis 2008-04-01 klockan 10:07 +0100 skrev Jorge Bastos:
> Hi,
> 
> My squid always report "localhost" on the client's IP.
> What can I do to correct this? Only started to happen with the last 3.0
> stable2.

Are you using dansguardian or another filtering proxy in front of your
Squid?

Regards
Henrik



RE: [squid-users] client ip's

2008-04-01 Thread Henrik Nordstrom
tis 2008-04-01 klockan 12:29 +0100 skrev Jorge Bastos:
> No, just squid himself.

As a plain proxy, or playing with NAT?

Regards
Henrik



RE: [squid-users] client ip's

2008-04-02 Thread Jorge Bastos
Transparent proxy

Squid running on: 8080
And I forward 80 => 8080 (squid) => web

My iptables rules are intact, I believe it was from 3.0 stable 1 or 2 that
this started to happen.








RE: [squid-users] client ip's

2008-04-02 Thread Henrik Nordstrom
What do your iptables NAT rules look like?

iptables-save -t nat




RE: [squid-users] client ip's

2008-04-02 Thread Jorge Bastos
The rule I use to redirect traffic from 80 to 8080 is:
I must remember, this was working before 3.0 stable1 or stable2 (not using
stable2), I just saw this was happening now.

iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080


cisne:~# iptables-save -t nat
# Generated by iptables-save v1.4.0 on Wed Apr  2 17:12:25 2008
*nat
:PREROUTING ACCEPT [35:1650]
:POSTROUTING ACCEPT [10307:1367320]
:OUTPUT ACCEPT [66427:4357431]
-A PREROUTING -d 193.164.158.105/32 -j DROP
-A PREROUTING -i eth1 -p tcp -m tcp --dport 5111 -j DNAT --to-destination 192.168.1.11:5900
-A PREROUTING -i eth1 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.2:5900
-A PREROUTING -i eth1 -p tcp -m tcp --dport 5969 -j DNAT --to-destination 192.168.1.3:5900
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.204:3389
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080
-A PREROUTING -p gre -j ACCEPT
-A PREROUTING -p icmp -j ACCEPT
-A PREROUTING -p ah -j ACCEPT
-A PREROUTING -p udp -m udp --dport 53 -j ACCEPT
-A PREROUTING -p udp -m udp --dport 500 -j ACCEPT
-A PREROUTING -p udp -m udp --dport 1723 -j ACCEPT
-A PREROUTING -p udp -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 20 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 23 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 25 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 43 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 79 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 123 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 143 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 444 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 1723 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 1863 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 3306 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 3389 -j ACCEPT
-A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 5000 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 5190 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 5900 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 5901 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 6667 -j ACCEPT
-A PREROUTING -s 192.168.1.0/24 -d 192.168.1.206/32 -p tcp -m tcp --dport
 -j ACCEPT
-A PREROUTING -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 30106 -j DNAT --to-destination 192.168.1.224:30106
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 62500:63500 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A PREROUTING -j DROP
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Wed Apr  2 17:12:26 2008





Re: [squid-users] client ip's

2008-04-02 Thread Amos Jeffries

Jorge Bastos wrote:
> The rule I use to redirect traffic from 80 to 8080 is:
> I must remember, this was working before 3.0 stable1 or stable2 (not using
> stable2), I just saw this was happening now.

What version did you upgrade from?

> iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080

If squid is running on this same box I would recommend the REDIRECT
target instead of DNAT. It's less work for the kernel.

The other possible issue is that you have your redirection rule at the
start of the NAT tables. The matching rule to allow squid traffic out is
near the end.

Even if you keep DNAT, they should be in this order:

# allow squid traffic out okay.
iptables -t nat -A PREROUTING -s 192.168.1.1 -p tcp --dport 80 -j ACCEPT
# redirect all other web traffic into squid.
iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080









--
Please use Squid 2.6.STABLE19 or 3.0.STABLE4
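
Added example, not part of the original thread and not code from any of the posters: a small Python first-match evaluator for the rule-ordering point in the message above, run over an excerpt of the posted PREROUTING rules and over the order suggested in the reply. It models only rule order within one chain for the options in the excerpt (which chain a packet traverses is outside its scope); the 192.168.1.50 client, the sample packets and all function names are constructed for the example.

```python
import ipaddress
import shlex

# PREROUTING rules excerpted from the iptables-save dump posted in the thread
# (e-mail line wrapping undone, relative order preserved).
POSTED = """\
*nat
-A PREROUTING -d 193.164.158.105/32 -j DROP
-A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.204:3389
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080
-A PREROUTING -p icmp -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT
-A PREROUTING -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A PREROUTING -j DROP
COMMIT
"""

# The two rules from the reply, rewritten in iptables-save form, followed by
# the dump's final DROP. Constructed for this example.
SUGGESTED = """\
*nat
-A PREROUTING -s 192.168.1.1/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -j DROP
COMMIT
"""

# Options handled here (each takes one argument) and the rule field they fill.
# "-m tcp" only loads the match module, so it fills no field.
FIELDS = {"-s": "src", "-d": "dst", "-i": "iface", "-p": "proto", "-m": None,
          "--dport": "dport", "-j": "target", "--to-destination": "to",
          "--to-ports": "to"}


def parse_rules(text, chain="PREROUTING"):
    """Return the rules appended to `chain`, in order, as dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain]:
            continue  # table header, COMMIT, comments, other chains
        args = tok[2:]
        if len(args) % 2:
            raise ValueError(f"unsupported rule syntax: {line}")
        rule = dict.fromkeys(("src", "dst", "iface", "proto", "dport", "target", "to"))
        for opt, val in zip(args[::2], args[1::2]):
            if opt not in FIELDS:
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            field = FIELDS[opt]
            if field in ("src", "dst"):
                val = ipaddress.ip_network(val, strict=False)
            elif field == "dport":
                lo, _, hi = val.partition(":")  # "80" or "62500:63500"
                val = (int(lo), int(hi or lo))
            if field:
                rule[field] = val
        rules.append(rule)
    return rules


def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    if rule["src"] is not None and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if rule["dst"] is not None and ipaddress.ip_address(pkt["dst"]) not in rule["dst"]:
        return False
    if rule["iface"] is not None and rule["iface"] != pkt["iface"]:
        return False
    if rule["proto"] is not None and rule["proto"] != pkt["proto"]:
        return False
    if rule["dport"] is not None:
        lo, hi = rule["dport"]
        if not lo <= pkt["dport"] <= hi:
            return False
    return True


def first_match(text, pkt):
    """Return (position, target, argument) of the first rule the packet hits."""
    for pos, rule in enumerate(parse_rules(text), start=1):
        if rule["target"] and matches(rule, pkt):
            return pos, rule["target"], rule["to"]
    return None  # no rule matched: the chain policy applies


# Constructed packets: a LAN client and the proxy host's own address, each
# opening a connection to port 80 on the web server seen in the posted log line.
CLIENT = {"src": "192.168.1.50", "dst": "209.132.176.176",
          "proto": "tcp", "dport": 80, "iface": "eth0"}
PROXY = dict(CLIENT, src="192.168.1.1")

if __name__ == "__main__":
    for name, ruleset in (("posted", POSTED), ("suggested", SUGGESTED)):
        for who, pkt in (("client", CLIENT), ("proxy host", PROXY)):
            print(f"{name:9} {who:10} -> {first_match(ruleset, pkt)}")
```

In the posted order nothing ahead of the port-80 DNAT rule exempts the 192.168.1.1 source address, so both sample packets hit the DNAT rule; in the suggested order the ACCEPT rule is evaluated first.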


Re: [squid-users] client ip's

2008-04-03 Thread Henrik Nordstrom
tor 2008-04-03 klockan 18:08 +1300 skrev Amos Jeffries:

> If squid is running on this same box I would recommend the REDIRECT 
> target instead of DNAT. It's less work for the kernel.

Actually REDIRECT is more work than DNAT as it has to look up the
primary IP of the incoming interface and dynamically construct the DNAT
rule..

Regards
Henrik
who have hacked a bit too much on Netfilter/Iptables in previous lives



RE: [squid-users] client ip's

2008-04-03 Thread Jorge Bastos
Hum, the last one's on debian.
They were 3.0 PRE-X, but don't remember the number.





RE: [squid-users] client ip's

2008-04-05 Thread Jorge Bastos
People,

I updated to last STABLE-4 on debian, but this still happens this way.
What can I do more?

Jorge   


RE: [squid-users] client ip's

2008-04-05 Thread Henrik Nordstrom
lör 2008-04-05 klockan 14:24 +0100 skrev Jorge Bastos:

> I updated to last STABLE-4 on debian, but this still happens this way.
> What can I do more?

Good question.

One thing you can try is to downgrade to Squid-2.6. If that shows the
same symptoms the problem is not within Squid but most likely in your
firewall ruleset or something else relevant to how the connections end
up at your Squid.

Regards
Henrik



RE: [squid-users] client ip's

2008-04-05 Thread Jorge Bastos
This already worked with some of the 3.0 versions.
Gonna try to play with my iptables rules and let you guys know.








RE: [squid-users] client ip's

2008-04-10 Thread Jorge Bastos
Hum I got some news on this,

I don't know why my system started to give me this information:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
default         localhost       0.0.0.0         UG    0      0        0 eth1

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         192.168.0.254   0.0.0.0         UG    0      0        0 eth1


The fact is that the hosts file is correct:

cisne:~# cat /etc/hosts
127.0.0.1   localhost

I only have this there

I know this is not squid related but if you guys can give me a hand.
I have no idea why is it resolving 192.168.0.254 to localhost.









RE: [squid-users] client ip's

2008-04-10 Thread julian julian
Jorge: have you set the network properly? Are you
using the 192.168.x.x net? The network parameter must be
written in the ../ifcfg-eth0 and ../ifcfg-eth1 files (because I
suspect that you have two NICs). The route command
shows some aspect of your network configuration.

Julián



RE: [squid-users] client ip's

2008-04-10 Thread Jorge Bastos
In fact I have 3 NIC's.

Yes, the two interfaces I showed in the route print, are defined in
/etc/network/interfaces.







RE: [squid-users] client ip's

2008-04-10 Thread Henrik Nordstrom

tor 2008-04-10 klockan 09:22 +0100 skrev Jorge Bastos:
> Hum I got some news on this,
> 
> I don't know why my system started to give me this information:
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
> 192.168.0.0     *               255.255.255.0   U     0      0        0 eth1
> default         localhost       0.0.0.0         UG    0      0        0 eth1

What's the output of
/sbin/ip route

or

/sbin/route -n

Regards
Henrik



RE: [squid-users] client ip's

2008-04-10 Thread julian julian
The reference to 192.168.0.254 which you are looking at
when you run the route command is the default gateway. Your
server is not resolving 192.168.0.254 to localhost.

 