Re: [squid-users] Transparent and non Transparent at the same time
This would be a starter point:
http://wiki.mikrotik.com/wiki/Policy_Routing_in_RouterOS_2.9.x

Logically it should be similar to this:
http://blog.butchevans.com/2008/09/mikrotik-policy-routing-implementation-example/
but the proxy should have two interfaces, in and out.
It can be done on one interface, but then you will need to add some exceptions to traffic by the MAC address of the proxy.

I wrote this once in the past.
And this should summarize how it should be done:
https://aacable.wordpress.com/2011/07/21/mikrotik-howto-redirect-http-traffic-to-squid-with-original-source-client-ip/

Eliezer

Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il

-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Yuri Voinov
Sent: Thursday, October 27, 2016 22:16
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent and non Transparent at the same time

Good. We came to an agreement :) Peace :)

Let's support the OP :)

28.10.2016 1:14, Antony Stone wrote:
> On Thursday 27 October 2016 at 21:09:44, Yuri Voinov wrote:
>
>> OP originally wrote - "I have no IPtables and so on."
>> He needs specific guidance, not word games.
>
> Agreed.
>
> Antony.

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Transparent and non Transparent at the same time
Good. We came to an agreement :) Peace :)

Let's support the OP :)

28.10.2016 1:14, Antony Stone wrote:
> On Thursday 27 October 2016 at 21:09:44, Yuri Voinov wrote:
>
>> OP originally wrote - "I have no IPtables and so on."
>> He needs specific guidance, not word games.
>
> Agreed.
>
> Antony.

--
Cats - delicious. You just do not know how to cook them.

Re: [squid-users] Transparent and non Transparent at the same time
On Thursday 27 October 2016 at 21:09:44, Yuri Voinov wrote:

> OP originally wrote - "I have no IPtables and so on."
> He needs specific guidance, not word games.

Agreed.

Antony.

--
There's no such thing as bad weather - only the wrong clothes.
 - Billy Connolly

Please reply to the list; please *don't* CC me.

Re: [squid-users] Transparent and non Transparent at the same time
On Thursday 27 October 2016 at 21:04:18, Yuri Voinov wrote:

> (facepalm)
>
> rdr(REDIRECT) is NAT functionality? Yes or no?

Apologies - I could have answered this better:

Yes, REDIRECT is one NAT functionality. There are several others.

On Thursday 27 October 2016 at 19:46:53, Eliezer Croitoru wrote:

> You need routing policy not DNAT.

This remains a correct statement.

Antony.

--
f u cn rd ths, u cn gt a gd jb n nx prgrmmng

Re: [squid-users] Transparent and non Transparent at the same time
Well,

http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxDnat

If I'm not completely stupid, these examples both use NAT functionality. Yes or no?

The question - what are we arguing about?

OP originally wrote - "I have no iptables and so on."

He needs specific guidance, not word games.

So, no?

28.10.2016 1:04, Yuri Voinov wrote:
> (facepalm)
>
> rdr(REDIRECT) is NAT functionality? Yes or no?
>
> 28.10.2016 0:59, Antony Stone wrote:
>> On Thursday 27 October 2016 at 20:57:04, Yuri Voinov wrote:
>>
>>> You know method to do this without NAT? ;)
>>
>> I know how to do it without DNAT, which is what Eliezer recommended and you
>> challenged.
>>
>> Antony.

Re: [squid-users] Transparent and non Transparent at the same time
On Thursday 27 October 2016 at 21:04:18, Yuri Voinov wrote:

> (facepalm)
>
> rdr(REDIRECT) is NAT functionality? Yes or no?

Yes, DNAT is one NAT functionality. There are several others.

On Thursday 27 October 2016 at 19:46:53, Eliezer Croitoru wrote:

> You need routing policy not DNAT.

DNAT is definitively not required for this - it needs a different form of NAT.

Antony.

--
f u cn rd ths, u cn gt a gd jb n nx prgrmmng

Re: [squid-users] Transparent and non Transparent at the same time
(facepalm)

rdr(REDIRECT) is NAT functionality? Yes or no?

28.10.2016 0:59, Antony Stone wrote:
> On Thursday 27 October 2016 at 20:57:04, Yuri Voinov wrote:
>
>> You know method to do this without NAT? ;)
>
> I know how to do it without DNAT, which is what Eliezer recommended and you
> challenged.
>
> Antony.

Re: [squid-users] Transparent and non Transparent at the same time
On Thursday 27 October 2016 at 20:57:04, Yuri Voinov wrote:

> You know method to do this without NAT? ;)

I know how to do it without DNAT, which is what Eliezer recommended and you challenged.

Antony.

--
"The tofu battle I saw last weekend was quite brutal."
 - Marija Danute Brigita Kuncaitis

Re: [squid-users] Transparent and non Transparent at the same time
You know method to do this without NAT? ;)

28.10.2016 0:54, Antony Stone wrote:
> On Thursday 27 October 2016 at 19:51:22, Yuri Voinov wrote:
>
>> You absolutely sure, Eliezer? :)
>
> Yes - you do not use DNAT.
>
> You do use REDIRECT on the machine Squid is running on.
>
> Antony.

Re: [squid-users] Transparent and non Transparent at the same time
On Thursday 27 October 2016 at 19:51:22, Yuri Voinov wrote:

> You absolutely sure, Eliezer? :)

Yes - you do not use DNAT.

You do use REDIRECT on the machine Squid is running on.

Antony.

> 27.10.2016 23:46, Eliezer Croitoru wrote:
> > You need routing policy not DNAT.
> >
> > Eliezer

--
#define SIX 1+5
#define NINE 8+1

int main() {
    printf("%d\n", SIX * NINE);
}
 - thanks to ECB for bringing this to my attention

Re: [squid-users] Transparent and non Transparent at the same time
erdosain9,

here is the documentation you required.

http://wiki.squid-cache.org/ConfigExamples/Intercept

Sadly, an interception proxy with modern Squid, in addition to a router with PBR/WCCP redirection, also always requires NAT configured on the proxy box (iptables/IPF/IPFilter etc.) and requires building Squid with appropriate NAT support.

This is a somewhat more complex technical task, which requires more computer skills.

So, start from Squid's good documentation. ;-)

Hard luck! :-)

27.10.2016 22:08, erdosain9 wrote:
> Ok... but i have this problem
>
> ERROR: NAT/TPROXY lookup failed to locate original IPs on
> local=192.168.1.15:3130 remote=192.168.1.1:52090 FD 14 flags=33
>
> ...
> I put some dstnat in Mikrotik (192.168.1.1)
>
> ip firewall nat add chain=dstnat src-add=192.168.1.121 protocol=tcp
> dst-port=80 action=dst-nat
> to-addresses=192.168.1.20 to-ports=3129
>
> ERROR: NAT/TPROXY lookup failed to locate original IPs on
> local=192.168.1.20:3129 remote=192.168.1.1:52153 FD 14 flags=33
> 2016/10/27 14:01:43 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on
> local=192.168.1.215:3129 remote=192.168.1.1:52154 FD 14 flags=33: (92)
> Protocol not available
>
> I dont have iptables or firewalld... im using Centos... is necessary enable
> firewalld or iptables???
>
> im using the PC (192.168.1.121 for test)
> Thanks

Re: [squid-users] Transparent and non Transparent at the same time
Once more: are you really absolutely sure you are talking about Squid's transparent interception proxy?

Well, let's open Squid's wiki:

http://wiki.squid-cache.org/ConfigExamples/Intercept

Please read to us the latest statement on this screenshot:

https://i1.someimage.com/uKbfdot.png

27.10.2016 23:55, Eliezer Croitoru wrote:
> Well this is the most efficient and less risky way.
> I do not know MikroTik enough to the hardware but it has a routing engine so... routing policy.
> In the past I wrote about it somewhere with detailed instructions on how to do it on a MikroTik.
>
> Eliezer

Re: [squid-users] Transparent and non Transparent at the same time
Well this is the most efficient and less risky way.
I do not know MikroTik enough to the hardware but it has a routing engine so... routing policy.
In the past I wrote about it somewhere with detailed instructions on how to do it on a MikroTik.

Eliezer

-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Yuri Voinov
Sent: Thursday, October 27, 2016 20:51
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent and non Transparent at the same time

You absolutely sure, Eliezer? :)

27.10.2016 23:46, Eliezer Croitoru wrote:
> You need routing policy not DNAT.
>
> Eliezer

Re: [squid-users] Transparent and non Transparent at the same time
You absolutely sure, Eliezer? :)

27.10.2016 23:46, Eliezer Croitoru wrote:
> You need routing policy not DNAT.
>
> Eliezer

Re: [squid-users] Transparent and non Transparent at the same time
You need routing policy not DNAT.

Eliezer

-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of erdosain9
Sent: Thursday, October 27, 2016 19:08
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Transparent and non Transparent at the same time

Ok... but i have this problem

ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.1.15:3130 remote=192.168.1.1:52090 FD 14 flags=33

...
I put some dstnat in Mikrotik (192.168.1.1)

ip firewall nat add chain=dstnat src-add=192.168.1.121 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.20 to-ports=3129

ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.1.20:3129 remote=192.168.1.1:52153 FD 14 flags=33
2016/10/27 14:01:43 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.1.215:3129 remote=192.168.1.1:52154 FD 14 flags=33: (92) Protocol not available

I dont have iptables or firewalld... im using Centos... is necessary enable firewalld or iptables???

im using the PC (192.168.1.121 for test)
Thanks

Re: [squid-users] Transparent and non Transparent at the same time
Ok... but I have this problem

ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.1.15:3130 remote=192.168.1.1:52090 FD 14 flags=33

...
I put some dstnat in Mikrotik (192.168.1.1)

ip firewall nat add chain=dstnat src-add=192.168.1.121 protocol=tcp dst-port=80 action=dst-nat to-addresses=192.168.1.20 to-ports=3129

ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.1.20:3129 remote=192.168.1.1:52153 FD 14 flags=33
2016/10/27 14:01:43 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.1.215:3129 remote=192.168.1.1:52154 FD 14 flags=33: (92) Protocol not available

I don't have iptables or firewalld... I'm using CentOS... is it necessary to enable firewalld or iptables???

I'm using the PC (192.168.1.121 for test)
Thanks

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Transparent-and-non-Transparent-at-the-same-time-tp4680309p4680330.html
Sent from the Squid - Users mailing list archive at Nabble.com.

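Added example, not part of the post above and not Squid's own code: a Python triage of the three cache.log errors quoted in this message. It assumes Linux errno numbering and takes 192.168.1.1 as the router, as the post states; the hint names and the `Finding` type are made up for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# The three cache.log errors quoted in the thread, rejoined onto single lines.
SAMPLE_LOG = """\
ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.1.15:3130 remote=192.168.1.1:52090 FD 14 flags=33
ERROR: NAT/TPROXY lookup failed to locate original IPs on local=192.168.1.20:3129 remote=192.168.1.1:52153 FD 14 flags=33
2016/10/27 14:01:43 kid1| ERROR: NF getsockopt(ORIGINAL_DST) failed on local=192.168.1.215:3129 remote=192.168.1.1:52154 FD 14 flags=33: (92) Protocol not available
"""
ROUTER_ADDR = "192.168.1.1"  # the MikroTik, as stated in the thread

# Linux errno values that Squid prints in parentheses after the connection.
ENOENT = 2        # option exists, but this host holds no NAT record for the flow
ENOPROTOOPT = 92  # "Protocol not available": kernel does not offer SO_ORIGINAL_DST

HINT_TEXT = {  # hypothetical hint names, explained for the reader
    "nat-support-missing-on-squid-host":
        "netfilter NAT/conntrack is not loaded on the Squid box",
    "no-local-nat-record":
        "the flow was not redirected by NAT on the Squid box itself",
    "peer-is-router":
        "Squid sees the router as the client; addresses were rewritten upstream",
}

ERROR_RE = re.compile(
    r"ERROR: (?:NAT/TPROXY lookup failed to locate original IPs"
    r"|NF getsockopt\(ORIGINAL_DST\) failed) on "
    r"local=(?P<local>[\d.]+):(?P<lport>\d+) "
    r"remote=(?P<remote>[\d.]+):(?P<rport>\d+) "
    r"FD \d+ flags=\d+(?:: \((?P<errno>\d+)\) (?P<errtext>.+))?$"
)


@dataclass
class Finding:
    listener: str             # local address:port that accepted the connection
    peer: str                 # remote address as Squid saw it
    errno: Optional[int]      # OS error number, when the line carries one
    hints: List[str] = field(default_factory=list)


def parse_line(line: str, router_addr: str) -> Optional[Finding]:
    """Turn one intercept-lookup error line into a Finding, else None."""
    m = ERROR_RE.search(line.strip())
    if m is None:
        return None
    err = int(m["errno"]) if m["errno"] else None
    finding = Finding(f"{m['local']}:{m['lport']}", m["remote"], err)
    if err == ENOPROTOOPT:
        finding.hints.append("nat-support-missing-on-squid-host")
    elif err == ENOENT:
        finding.hints.append("no-local-nat-record")
    if m["remote"] == router_addr:
        finding.hints.append("peer-is-router")
    return finding


def diagnose(log_text: str, router_addr: str = ROUTER_ADDR) -> List[Finding]:
    """Parse every matching line of a cache.log excerpt."""
    return [f for line in log_text.splitlines()
            if (f := parse_line(line, router_addr))]


def explain(findings: List[Finding]) -> List[str]:
    """Unique hint explanations across all findings, in a stable order."""
    seen = {h for f in findings for h in f.hints}
    return [HINT_TEXT[h] for h in sorted(seen)]


if __name__ == "__main__":
    for text in explain(diagnose(SAMPLE_LOG)):
        print("-", text)
```

Both hints raised for the quoted lines point the same way as the replies in this thread: the address rewrite belongs on the Squid host, with the router only steering packets to it.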
Re: [squid-users] Transparent and non Transparent at the same time
Just configure 2 different ports for squid to listen, one is transparent, the other is not.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Transparent-and-non-Transparent-at-the-same-time-tp4680309p4680314.html
Sent from the Squid - Users mailing list archive at Nabble.com.