[squid-users] client ip's
Hi, My squid always report "localhost" on the client's IP. What can I do to correct this? Only started to happen with the last 3.0 stable2. --- 1207040749.939436 localhost TCP_MISS/200 1528 GET http://library.gnome.org/skin/tab_right.png - DIRECT/209.132.176.176 image/png
RE: [squid-users] client ip's
No, just squid himself. > -Original Message- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Sent: terça-feira, 1 de Abril de 2008 10:22 > To: Jorge Bastos > Cc: squid-users@squid-cache.org > Subject: Re: [squid-users] client ip's > > > tis 2008-04-01 klockan 10:07 +0100 skrev Jorge Bastos: > > Hi, > > > > My squid always report "localhost" on the client's IP. > > What can I do to correct this? Only started to happen with the last > 3.0 > > stable2. > > are you using dansguardian or another filtering proxy infront of your > Squid? > > Regards > Henrik
Re: [squid-users] client ip's
tis 2008-04-01 klockan 10:07 +0100 skrev Jorge Bastos: > Hi, > > My squid always report "localhost" on the client's IP. > What can I do to correct this? Only started to happen with the last 3.0 > stable2. are you using dansguardian or another filtering proxy infront of your Squid? Regards Henrik
RE: [squid-users] client ip's
tis 2008-04-01 klockan 12:29 +0100 skrev Jorge Bastos: > No, just squid himself. As a plain proxy, or playing with NAT? Regards Henrik
RE: [squid-users] client ip's
Transparent proxy Squid running on: 8080 And I forward 80 => 8080 (squid) => web My iptables rules are intact, I believe it was from 3.0 stable 1 or 2 that this started to happen. > -Original Message- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Sent: quarta-feira, 2 de Abril de 2008 0:12 > To: Jorge Bastos > Cc: squid-users@squid-cache.org > Subject: RE: [squid-users] client ip's > > tis 2008-04-01 klockan 12:29 +0100 skrev Jorge Bastos: > > No, just squid himself. > > As a plain proxy, or playing with NAT? > > Regards > Henrik
RE: [squid-users] client ip's
WHat do your iptables NAT rules look like? iptables-save -t nat ons 2008-04-02 klockan 09:18 +0100 skrev Jorge Bastos: > Transparent proxy > > Squid running on: 8080 > And I forward 80 => 8080 (squid) => web > > My iptables rules are intact, I believe it was from 3.0 stable 1 or 2 that > this started to happen. > > > > > > -Original Message- > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > > Sent: quarta-feira, 2 de Abril de 2008 0:12 > > To: Jorge Bastos > > Cc: squid-users@squid-cache.org > > Subject: RE: [squid-users] client ip's > > > > tis 2008-04-01 klockan 12:29 +0100 skrev Jorge Bastos: > > > No, just squid himself. > > > > As a plain proxy, or playing with NAT? > > > > Regards > > Henrik >
RE: [squid-users] client ip's
The rule I use to redirect traffic from 80 to 8080 is: I must remember, this was working before 3.0 stable1 or stable2 (not using stable2), I just saw this was happening now. iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080 cisne:~# iptables-save -t nat # Generated by iptables-save v1.4.0 on Wed Apr 2 17:12:25 2008 *nat :PREROUTING ACCEPT [35:1650] :POSTROUTING ACCEPT [10307:1367320] :OUTPUT ACCEPT [66427:4357431] -A PREROUTING -d 193.164.158.105/32 -j DROP -A PREROUTING -i eth1 -p tcp -m tcp --dport 5111 -j DNAT --to-destination 192.168.1.11:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.2:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 5969 -j DNAT --to-destination 192.168.1.3:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.204:3389 -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080 -A PREROUTING -p gre -j ACCEPT -A PREROUTING -p icmp -j ACCEPT -A PREROUTING -p ah -j ACCEPT -A PREROUTING -p udp -m udp --dport 53 -j ACCEPT -A PREROUTING -p udp -m udp --dport 500 -j ACCEPT -A PREROUTING -p udp -m udp --dport 1723 -j ACCEPT -A PREROUTING -p udp -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 20 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 23 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 25 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 43 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 79 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 123 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 143 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 444 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 1723 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 1863 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 3306 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 3389 -j ACCEPT -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 5000 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5190 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5900 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5901 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 6667 -j ACCEPT -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.206/32 -p tcp -m tcp --dport -j ACCEPT -A PREROUTING -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT -A PREROUTING -i eth1 -p tcp -m tcp --dport 30106 -j DNAT --to-destination 192.168.1.224:30106 -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 62500:63500 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT -A PREROUTING -j DROP -A POSTROUTING -o eth1 -j MASQUERADE COMMIT # Completed on Wed Apr 2 17:12:26 2008 -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 2 de Abril de 2008 11:42 To: Jorge Bastos Cc: squid-users@squid-cache.org Subject: RE: [squid-users] client ip's WHat do your iptables NAT rules look like? iptables-save -t nat ons 2008-04-02 klockan 09:18 +0100 skrev Jorge Bastos: > Transparent proxy > > Squid running on: 8080 > And I forward 80 => 8080 (squid) => web > > My iptables rules are intact, I believe it was from 3.0 stable 1 or 2 that > this started to happen. > > > > > > -Original Message- > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > > Sent: quarta-feira, 2 de Abril de 2008 0:12 > > To: Jorge Bastos > > Cc: squid-users@squid-cache.org > > Subject: RE: [squid-users] client ip's > > > > tis 2008-04-01 klockan 12:29 +0100 skrev Jorge Bastos: > > > No, just squid himself. > > > > As a plain proxy, or playing with NAT? > > > > Regards > > Henrik >
Re: [squid-users] client ip's
Jorge Bastos wrote: The rule I use to redirect traffic from 80 to 8080 is: I must remember, this was working before 3.0 stable1 or stable2 (not using stable2), I just saw this was happening now. What version did you upgrade from? iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080 If squid is running on this same box I would recommend the REDIRECT target instead of DNAT. It's less work for the kernel. The other possible issue is that you have your redirection rule at the start of the NAT tables. The matching rule to allow squid traffic out is near the end. Even if you keep DNAT, they should be in this order: # allow squid traffic out okay. iptables -t nat _A PREROUTING -s 192.168.1.1 -p tcp --dport 80 -j ACCEPT # redirect all other web traffic into squid. iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080 cisne:~# iptables-save -t nat # Generated by iptables-save v1.4.0 on Wed Apr 2 17:12:25 2008 *nat :PREROUTING ACCEPT [35:1650] :POSTROUTING ACCEPT [10307:1367320] :OUTPUT ACCEPT [66427:4357431] -A PREROUTING -d 193.164.158.105/32 -j DROP -A PREROUTING -i eth1 -p tcp -m tcp --dport 5111 -j DNAT --to-destination 192.168.1.11:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 5901 -j DNAT --to-destination 192.168.1.2:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 5969 -j DNAT --to-destination 192.168.1.3:5900 -A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.204:3389 -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.1:8080 -A PREROUTING -p gre -j ACCEPT -A PREROUTING -p icmp -j ACCEPT -A PREROUTING -p ah -j ACCEPT -A PREROUTING -p udp -m udp --dport 53 -j ACCEPT -A PREROUTING -p udp -m udp --dport 500 -j ACCEPT -A PREROUTING -p udp -m udp --dport 1723 -j ACCEPT -A PREROUTING -p udp -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 20 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 23 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 25 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 43 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 79 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 123 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 143 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 444 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 1723 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 1863 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 3306 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 3389 -j ACCEPT -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 5000 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5190 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5900 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 5901 -j ACCEPT -A PREROUTING -p tcp -m tcp --dport 6667 -j ACCEPT -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.206/32 -p tcp -m tcp --dport -j ACCEPT -A PREROUTING -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT -A PREROUTING -i eth1 -p tcp -m tcp --dport 30106 -j DNAT --to-destination 192.168.1.224:30106 -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 62500:63500 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT -A PREROUTING -j DROP -A POSTROUTING -o eth1 -j MASQUERADE COMMIT # Completed on Wed Apr 2 17:12:26 2008 -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 2 de Abril de 2008 11:42 To: Jorge Bastos Cc: squid-users@squid-cache.org Subject: RE: [squid-users] client ip's WHat do your iptables NAT rules look like? iptables-save -t nat ons 2008-04-02 klockan 09:18 +0100 skrev Jorge Bastos: Transparent proxy Squid running on: 8080 And I forward 80 => 8080 (squid) => web My iptables rules are intact, I believe it was from 3.0 stable 1 or 2 that this started to happen. -Original Message- From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 2 de Abril de 2008 0:12 To: Jorge Bastos Cc: squid-users@squid-cache.org Subject: RE: [squid-users] client ip's tis 2008-04-01 klockan 12:29 +0100 skrev Jorge Bastos: No, just squid himself. As a plain proxy, or playing with NAT? Regards Henrik -- Please use Squid 2.6.STABLE19 or 3.0.STABLE4
Re: [squid-users] client ip's
tor 2008-04-03 klockan 18:08 +1300 skrev Amos Jeffries: > If squid is running on this same box I would recommend the REDIRECT > target instead of DNAT. It's less work for the kernel. Actually REDIRECT is more work than DNAT as it has to look up the primary IP of the incoming interface and dynamically construct the DNAT rule.. Regards Henrik who have hacked a bit too much on Netfilter/Iptables in previous lives
RE: [squid-users] client ip's
Hum, the last one's on debian. They were 3.0 PRE-X, but don't remember the number. > -Original Message- > From: Amos Jeffries [mailto:[EMAIL PROTECTED] > Sent: quinta-feira, 3 de Abril de 2008 6:08 > To: Jorge Bastos > Cc: 'Henrik Nordstrom'; squid-users@squid-cache.org > Subject: Re: [squid-users] client ip's > > Jorge Bastos wrote: > > The rule I use to redirect traffic from 80 to 8080 is: > > I must remember, this was working before 3.0 stable1 or stable2 (not > using > > stable2), I just saw this was happening now. > > What version did you upgrade from? > > > > > iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j > DNAT > > --to-destination 192.168.1.1:8080 > > > > If squid is running on this same box I would recommend the REDIRECT > target instead of DNAT. It's less work for the kernel. > > The other possible issue is that you have your redirection rule at the > start of the NAT tables. The matching rule to allow squid traffic out > is > near the end. > > Even if you keep DNAT, they should be in this order: > > # allow squid traffic out okay. > iptables -t nat _A PREROUTING -s 192.168.1.1 -p tcp --dport 80 -j > ACCEPT > # redirect all other web traffic into squid. > iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j > REDIRECT --to-port 8080 > > > > > cisne:~# iptables-save -t nat > > # Generated by iptables-save v1.4.0 on Wed Apr 2 17:12:25 2008 > > *nat > > :PREROUTING ACCEPT [35:1650] > > :POSTROUTING ACCEPT [10307:1367320] > > :OUTPUT ACCEPT [66427:4357431] > > -A PREROUTING -d 193.164.158.105/32 -j DROP > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5111 -j DNAT --to- > destination > > 192.168.1.11:5900 > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5901 -j DNAT --to- > destination > > 192.168.1.2:5900 > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5969 -j DNAT --to- > destination > > 192.168.1.3:5900 > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to- > destination > > 192.168.1.204:3389 > > -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT > > --to-destination 192.168.1.1:8080 > > -A PREROUTING -p gre -j ACCEPT > > -A PREROUTING -p icmp -j ACCEPT > > -A PREROUTING -p ah -j ACCEPT > > -A PREROUTING -p udp -m udp --dport 53 -j ACCEPT > > -A PREROUTING -p udp -m udp --dport 500 -j ACCEPT > > -A PREROUTING -p udp -m udp --dport 1723 -j ACCEPT > > -A PREROUTING -p udp -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 20 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 23 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 25 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 43 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 79 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 123 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 143 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT > > -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 444 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 1723 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 1863 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 3306 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 3389 -j ACCEPT > > -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 5000 -j > ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 5190 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 5900 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 5901 -j ACCEPT > > -A PREROUTING -p tcp -m tcp --dport 6667 -j ACCEPT > > -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.206/32 -p tcp -m tcp -- > dport > > -j ACCEPT > > -A PREROUTING -d 192.168.1.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 30106 -j DNAT --to- > destination > > 192.168.1.224:30106 > > -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 62500:63500 > > --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT > > -A PREROUTING -j DROP > > -A POSTROUTING -o eth1 -j MASQUERADE > > COMMIT > > # Completed on Wed Apr 2 17:12:26 2008 > > > > -Original Message- > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > > Sent: quarta-feira, 2 de Abril de 2008 11:42 > > To: Jorge Bastos > > Cc: squid-users@squid-cache.org > > Subject: RE: [squid-users] client ip's > > > > WHat do your iptables NAT rules look like? > > > > iptables-save -t nat > > > > ons 200
RE: [squid-users] client ip's
People, I updated to last STABLE-4 on debian, but this still happens this way. What can I do more? Jorge > -Original Message- > From: Jorge Bastos [mailto:[EMAIL PROTECTED] > Sent: quinta-feira, 3 de Abril de 2008 9:56 > To: 'Amos Jeffries' > Cc: 'Henrik Nordstrom'; squid-users@squid-cache.org > Subject: RE: [squid-users] client ip's > > Hum, the last one's on debian. > They were 3.0 PRE-X, but don't remember the number. > > > > > > -Original Message- > > From: Amos Jeffries [mailto:[EMAIL PROTECTED] > > Sent: quinta-feira, 3 de Abril de 2008 6:08 > > To: Jorge Bastos > > Cc: 'Henrik Nordstrom'; squid-users@squid-cache.org > > Subject: Re: [squid-users] client ip's > > > > Jorge Bastos wrote: > > > The rule I use to redirect traffic from 80 to 8080 is: > > > I must remember, this was working before 3.0 stable1 or stable2 > (not > > using > > > stable2), I just saw this was happening now. > > > > What version did you upgrade from? > > > > > > > > iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 - > j > > DNAT > > > --to-destination 192.168.1.1:8080 > > > > > > > If squid is running on this same box I would recommend the REDIRECT > > target instead of DNAT. It's less work for the kernel. > > > > The other possible issue is that you have your redirection rule at > the > > start of the NAT tables. The matching rule to allow squid traffic out > > is > > near the end. > > > > Even if you keep DNAT, they should be in this order: > > > > # allow squid traffic out okay. > > iptables -t nat _A PREROUTING -s 192.168.1.1 -p tcp --dport 80 -j > > ACCEPT > > # redirect all other web traffic into squid. > > iptables -t nat -A PREROUTING -s 192.168.1.0/24 -p tcp --dport 80 -j > > REDIRECT --to-port 8080 > > > > > > > > cisne:~# iptables-save -t nat > > > # Generated by iptables-save v1.4.0 on Wed Apr 2 17:12:25 2008 > > > *nat > > > :PREROUTING ACCEPT [35:1650] > > > :POSTROUTING ACCEPT [10307:1367320] > > > :OUTPUT ACCEPT [66427:4357431] > > > -A PREROUTING -d 193.164.158.105/32 -j DROP > > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5111 -j DNAT --to- > > destination > > > 192.168.1.11:5900 > > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5901 -j DNAT --to- > > destination > > > 192.168.1.2:5900 > > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 5969 -j DNAT --to- > > destination > > > 192.168.1.3:5900 > > > -A PREROUTING -i eth1 -p tcp -m tcp --dport 3389 -j DNAT --to- > > destination > > > 192.168.1.204:3389 > > > -A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j DNAT > > > --to-destination 192.168.1.1:8080 > > > -A PREROUTING -p gre -j ACCEPT > > > -A PREROUTING -p icmp -j ACCEPT > > > -A PREROUTING -p ah -j ACCEPT > > > -A PREROUTING -p udp -m udp --dport 53 -j ACCEPT > > > -A PREROUTING -p udp -m udp --dport 500 -j ACCEPT > > > -A PREROUTING -p udp -m udp --dport 1723 -j ACCEPT > > > -A PREROUTING -p udp -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 20 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 21 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 22 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 23 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 25 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 43 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 79 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 123 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 143 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 443 -j ACCEPT > > > -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 444 -j > ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 1723 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 1863 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 3306 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 3389 -j ACCEPT > > > -A PREROUTING -d 80.172.172.34/32 -p tcp -m tcp --dport 5000 -j > > ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 5190 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 5900 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 5901 -j ACCEPT > > > -A PREROUTING -p tcp -m tcp --dport 6667 -j ACCEPT > > > -A PREROUTING -s 192.168.1.0/24 -d 192.168.1.206/32 -p tcp -m tcp - > - > &
RE: [squid-users] client ip's
lör 2008-04-05 klockan 14:24 +0100 skrev Jorge Bastos: > I updated to last STABLE-4 on debian, but this still happens this way. > What can I do more? Good question. One thing you can try is to downgrade to Squid-2.6. If that shows the same symptoms the problem is not within Squid but most likely in your firewall ruleset or something else relevant to how the connections end up at your Squid. Regards Henrik
RE: [squid-users] client ip's
This already worked with some of the 3.0 versions. Gonna try to play with my iptables rules and let you guys know. > -Original Message- > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > Sent: sábado, 5 de Abril de 2008 19:38 > To: Jorge Bastos > Cc: 'Amos Jeffries'; squid-users@squid-cache.org > Subject: RE: [squid-users] client ip's > > lr 2008-04-05 klockan 14:24 +0100 skrev Jorge Bastos: > > > I updated to last STABLE-4 on debian, but this still happens this > way. > > What can I do more? > > Good question. > > One thing you can try is to downgrade to Squid-2.6. If that shows the > same symptoms the problem is not within Squid but most likely in your > firewall ruleset or something else relevant to how the connections end > up at your Squid. > > Regards > Henrik
RE: [squid-users] client ip's
Hum I got some news on this, I don't know why my system started to give me this information: Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.1.0 * 255.255.255.0 U 0 00 eth0 192.168.0.0 * 255.255.255.0 U 0 00 eth1 default localhost 0.0.0.0 UG0 00 eth1 Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 00 eth0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 00 eth1 0.0.0.0 192.168.0.254 0.0.0.0 UG0 00 eth1 The fact is that the hosts file is correct: cisne:~# cat /etc/hosts 127.0.0.1 localhost I only have this there I know this is not squid related but if you guys can give me a hand. I have no idea why is it resolving 192.168.0.254 to localhost. > -Original Message- > From: Jorge Bastos [mailto:[EMAIL PROTECTED] > Sent: sábado, 5 de Abril de 2008 21:23 > To: 'Henrik Nordstrom' > Cc: 'Amos Jeffries'; squid-users@squid-cache.org > Subject: RE: [squid-users] client ip's > > This already worked with some of the 3.0 versions. > Gonna try to play with my iptables rules and let you guys know. > > > > > > -Original Message- > > From: Henrik Nordstrom [mailto:[EMAIL PROTECTED] > > Sent: sábado, 5 de Abril de 2008 19:38 > > To: Jorge Bastos > > Cc: 'Amos Jeffries'; squid-users@squid-cache.org > > Subject: RE: [squid-users] client ip's > > > > lr 2008-04-05 klockan 14:24 +0100 skrev Jorge Bastos: > > > > > I updated to last STABLE-4 on debian, but this still happens this > > way. > > > What can I do more? > > > > Good question. > > > > One thing you can try is to downgrade to Squid-2.6. If that shows the > > same symptoms the problem is not within Squid but most likely in your > > firewall ruleset or something else relevant to how the connections > end > > up at your Squid. > > > > Regards > > Henrik >
RE: [squid-users] client ip's
Jorge: have you set the network properly? Are you using 192.168.x.x net. The network parameter must be wrote in ../ifcfg-eth0 and ../ifcfg-eth1 file (because I suspect that you have two nics). The route command shows some aspect of your network configuration. Julián --- Jorge Bastos <[EMAIL PROTECTED]> wrote: > Hum I got some news on this, > > I don't know why my system started to give me this > information: > > Kernel IP routing table > Destination Gateway Genmask > Flags Metric RefUse Iface > 192.168.1.0 * 255.255.255.0 U > 0 00 eth0 > 192.168.0.0 * 255.255.255.0 U > 0 00 eth1 > default localhost 0.0.0.0 UG > 0 00 eth1 > > Kernel IP routing table > Destination Gateway Genmask > Flags Metric RefUse Iface > 192.168.1.0 0.0.0.0 255.255.255.0 U > 0 00 eth0 > 192.168.0.0 0.0.0.0 255.255.255.0 U > 0 00 eth1 > 0.0.0.0 192.168.0.254 0.0.0.0 UG > 0 00 eth1 > > > The fact is that the hosts file is correct: > > cisne:~# cat /etc/hosts > 127.0.0.1 localhost > > I only have this there > > I know this is not squid related but if you guys can > give me a hand. > I have no idea why is it resolving 192.168.0.254 to > localhost. > > > > > > > -Original Message- > > From: Jorge Bastos [mailto:[EMAIL PROTECTED] > > Sent: sábado, 5 de Abril de 2008 21:23 > > To: 'Henrik Nordstrom' > > Cc: 'Amos Jeffries'; squid-users@squid-cache.org > > Subject: RE: [squid-users] client ip's > > > > This already worked with some of the 3.0 versions. > > Gonna try to play with my iptables rules and let > you guys know. > > > > > > > > > > > -Original Message- > > > From: Henrik Nordstrom > [mailto:[EMAIL PROTECTED] > > > Sent: sábado, 5 de Abril de 2008 19:38 > > > To: Jorge Bastos > > > Cc: 'Amos Jeffries'; squid-users@squid-cache.org > > > Subject: RE: [squid-users] client ip's > > > > > > lr 2008-04-05 klockan 14:24 +0100 skrev Jorge > Bastos: > > > > > > > I updated to last STABLE-4 on debian, but this > still happens this > > > way. > > > > What can I do more? > > > > > > Good question. > > > > > > One thing you can try is to downgrade to > Squid-2.6. If that shows the > > > same symptoms the problem is not within Squid > but most likely in your > > > firewall ruleset or something else relevant to > how the connections > > end > > > up at your Squid. > > > > > > Regards > > > Henrik > > > > > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [squid-users] client ip's
In fact I have 3 NIC's. Yes, the two interfaces I showed in the route print, are defined in /etc/network/interfaces. > -Original Message- > From: julian julian [mailto:[EMAIL PROTECTED] > Sent: quinta-feira, 10 de Abril de 2008 15:47 > To: Jorge Bastos > Cc: squid > Subject: RE: [squid-users] client ip's > > Jorge: have you set the network properly? Are you > using 192.168.x.x net. The network parameter must be > wrote in > ../ifcfg-eth0 and ../ifcfg-eth1 file (because I > suspect that you have two nics). The route command > shows some aspect of your network configuration. > > Julián > > --- Jorge Bastos <[EMAIL PROTECTED]> wrote: > > > Hum I got some news on this, > > > > I don't know why my system started to give me this > > information: > > > > Kernel IP routing table > > Destination Gateway Genmask > > Flags Metric RefUse Iface > > 192.168.1.0 * 255.255.255.0 U > > 0 00 eth0 > > 192.168.0.0 * 255.255.255.0 U > > 0 00 eth1 > > default localhost 0.0.0.0 UG > > 0 00 eth1 > > > > Kernel IP routing table > > Destination Gateway Genmask > > Flags Metric RefUse Iface > > 192.168.1.0 0.0.0.0 255.255.255.0 U > > 0 00 eth0 > > 192.168.0.0 0.0.0.0 255.255.255.0 U > > 0 00 eth1 > > 0.0.0.0 192.168.0.254 0.0.0.0 UG > > 0 00 eth1 > > > > > > The fact is that the hosts file is correct: > > > > cisne:~# cat /etc/hosts > > 127.0.0.1 localhost > > > > I only have this there > > > > I know this is not squid related but if you guys can > > give me a hand. > > I have no idea why is it resolving 192.168.0.254 to > > localhost. > > > > > > > > > > > > > -Original Message- > > > From: Jorge Bastos [mailto:[EMAIL PROTECTED] > > > Sent: sábado, 5 de Abril de 2008 21:23 > > > To: 'Henrik Nordstrom' > > > Cc: 'Amos Jeffries'; squid-users@squid-cache.org > > > Subject: RE: [squid-users] client ip's > > > > > > This already worked with some of the 3.0 versions. > > > Gonna try to play with my iptables rules and let > > you guys know. > > > > > > > > > > > > > > > > -Original Message- > > > > From: Henrik Nordstrom > > [mailto:[EMAIL PROTECTED] > > > > Sent: sábado, 5 de Abril de 2008 19:38 > > > > To: Jorge Bastos > > > > Cc: 'Amos Jeffries'; squid-users@squid-cache.org > > > > Subject: RE: [squid-users] client ip's > > > > > > > > lr 2008-04-05 klockan 14:24 +0100 skrev Jorge > > Bastos: > > > > > > > > > I updated to last STABLE-4 on debian, but this > > still happens this > > > > way. > > > > > What can I do more? > > > > > > > > Good question. > > > > > > > > One thing you can try is to downgrade to > > Squid-2.6. If that shows the > > > > same symptoms the problem is not within Squid > > but most likely in your > > > > firewall ruleset or something else relevant to > > how the connections > > > end > > > > up at your Squid. > > > > > > > > Regards > > > > Henrik > > > > > > > > > > > > __ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com
RE: [squid-users] client ip's
tor 2008-04-10 klockan 09:22 +0100 skrev Jorge Bastos: > Hum I got some news on this, > > I don't know why my system started to give me this information: > > Kernel IP routing table > Destination Gateway Genmask Flags Metric RefUse Iface > 192.168.1.0 * 255.255.255.0 U 0 00 eth0 > 192.168.0.0 * 255.255.255.0 U 0 00 eth1 > default localhost 0.0.0.0 UG0 00 eth1 What's the output of /sbin/ip route or /sbin/route -n Regards Henrik
RE: [squid-users] client ip's
The reference to 192.168.0.254 which are you looking when run route command is the default gateway.Your server is not resolving 192.168.0.254 to localhost. --- Jorge Bastos <[EMAIL PROTECTED]> wrote: > In fact I have 3 NIC's. > > Yes, the two interfaces I showed in the route print, > are defined in > /etc/network/interfaces. > > > > > > -Original Message- > > From: julian julian [mailto:[EMAIL PROTECTED] > > Sent: quinta-feira, 10 de Abril de 2008 15:47 > > To: Jorge Bastos > > Cc: squid > > Subject: RE: [squid-users] client ip's > > > > Jorge: have you set the network properly? Are you > > using 192.168.x.x net. The network parameter must > be > > wrote in > > ../ifcfg-eth0 and ../ifcfg-eth1 file (because I > > suspect that you have two nics). The route command > > shows some aspect of your network configuration. > > > > Julián > > > > --- Jorge Bastos <[EMAIL PROTECTED]> wrote: > > > > > Hum I got some news on this, > > > > > > I don't know why my system started to give me > this > > > information: > > > > > > Kernel IP routing table > > > Destination Gateway Genmask > > > Flags Metric RefUse Iface > > > 192.168.1.0 * 255.255.255.0 > U > > > 0 00 eth0 > > > 192.168.0.0 * 255.255.255.0 > U > > > 0 00 eth1 > > > default localhost 0.0.0.0 > UG > > > 0 00 eth1 > > > > > > Kernel IP routing table > > > Destination Gateway Genmask > > > Flags Metric RefUse Iface > > > 192.168.1.0 0.0.0.0 255.255.255.0 > U > > > 0 00 eth0 > > > 192.168.0.0 0.0.0.0 255.255.255.0 > U > > > 0 00 eth1 > > > 0.0.0.0 192.168.0.254 0.0.0.0 > UG > > > 0 00 eth1 > > > > > > > > > The fact is that the hosts file is correct: > > > > > > cisne:~# cat /etc/hosts > > > 127.0.0.1 localhost > > > > > > I only have this there > > > > > > I know this is not squid related but if you guys > can > > > give me a hand. > > > I have no idea why is it resolving 192.168.0.254 > to > > > localhost. > > > > > > > > > > > > > > > > > > > -Original Message- > > > > From: Jorge Bastos > [mailto:[EMAIL PROTECTED] > > > > Sent: sábado, 5 de Abril de 2008 21:23 > > > > To: 'Henrik Nordstrom' > > > > Cc: 'Amos Jeffries'; > squid-users@squid-cache.org > > > > Subject: RE: [squid-users] client ip's > > > > > > > > This already worked with some of the 3.0 > versions. > > > > Gonna try to play with my iptables rules and > let > > > you guys know. > > > > > > > > > > > > > > > > > > > > > -Original Message- > > > > > From: Henrik Nordstrom > > > [mailto:[EMAIL PROTECTED] > > > > > Sent: sábado, 5 de Abril de 2008 19:38 > > > > > To: Jorge Bastos > > > > > Cc: 'Amos Jeffries'; > squid-users@squid-cache.org > > > > > Subject: RE: [squid-users] client ip's > > > > > > > > > > lr 2008-04-05 klockan 14:24 +0100 skrev > Jorge > > > Bastos: > > > > > > > > > > > I updated to last STABLE-4 on debian, but > this > > > still happens this > > > > > way. > > > > > > What can I do more? > > > > > > > > > > Good question. > > > > > > > > > > One thing you can try is to downgrade to > > > Squid-2.6. If that shows the > > > > > same symptoms the problem is not within > Squid > > > but most likely in your > > > > > firewall ruleset or something else relevant > to > > > how the connections > > > > end > > > > > up at your Squid. > > > > > > > > > > Regards > > > > > Henrik > > > > > > > > > > > > > > > > > > > __ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam > protection around > > http://mail.yahoo.com > > __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com