RE: [squid-users] Really transparent proxy

Facundo Vilarnovo Tue, 15 May 2007 21:37:55 -0700

Zul, we already do that... it doesn't chance anything :(

I don't remember right now how it was but, in option 1 via off, forward off, 
show that I'm BEHIND a proxy, but show the client ip address. Option 2: Without 
via and forward doesn't, but shows the squid ip address, instead the clients 
ip, I don't know if you understand me :(


But it was something like that :(

Tnxs to all
Facundo Vilarnovo

-----Mensaje original-----
De: Facundo Vilarnovo [mailto:[EMAIL PROTECTED] 
Enviado el: Miércoles, 16 de Mayo de 2007 12:50 a.m.
Para: squid-users@squid-cache.org
CC: Nicolas Royo
Asunto: RE: [squid-users] Really transparent proxy

Here it goes!
#####squid Conf.#####
http_port 3128 tproxy  transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
        acl Safe_ports port 80          # http
        acl Safe_ports port 21          # ftp
        acl Safe_ports port 443         # https
        acl Safe_ports port 70          # gopher
        acl Safe_ports port 210         # wais
        acl Safe_ports port 1025-65535  # unregistered ports
        acl Safe_ports port 280         # http-mgmt
        acl Safe_ports port 488         # gss-http
        acl Safe_ports port 591         # filemaker
        acl Safe_ports port 777         # multiling http
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 0.0.0.0/0.0.0.0
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname debian-sq
wccp2_router y.y.y.y
 wccp_version 4
 wccp2_forwarding_method 1
 wccp2_return_method 1
 wccp2_assignment_method 1
coredump_dir /usr/local/squid/var/cache
###### end of file #####

Here are the Iptables:
squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy Chain PREROUTING (policy 
ACCEPT)
target     prot opt source               destination         
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY 
redirect 0.0.0.0:3128
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY 
redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY 
redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www TPROXY 
redirect 0.0.0.0:3128

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

if any extra info is needed i have no problem to postit! 


Thnxs all!!
Facundo Vilarnovo

-----Mensaje original-----
De: Facundo Vilarnovo [mailto:[EMAIL PROTECTED] 
Enviado el: Miércoles, 16 de Mayo de 2007 12:26 a.m.
Para: zulkarnain; squid-users@squid-cache.org
CC: Nicolas Royo
Asunto: RE: [squid-users] Really transparent proxy

Here it goes!
#####squid Conf.#####
http_port 3128 tproxy  transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
        acl Safe_ports port 80          # http
        acl Safe_ports port 21          # ftp
        acl Safe_ports port 443         # https
        acl Safe_ports port 70          # gopher
        acl Safe_ports port 210         # wais
        acl Safe_ports port 1025-65535  # unregistered ports
        acl Safe_ports port 280         # http-mgmt
        acl Safe_ports port 488         # gss-http
        acl Safe_ports port 591         # filemaker
        acl Safe_ports port 777         # multiling http
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 0.0.0.0/0.0.0.0
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname debian-sq
wccp2_router y.y.y.y
 wccp_version 4
 wccp2_forwarding_method 1
 wccp2_return_method 1
 wccp2_assignment_method 1
coredump_dir /usr/local/squid/var/cache
###### end of file #####

Here are the Iptables:
squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:3128
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:80
TPROXY     tcp  --  anywhere             anywhere            tcp dpt:www
TPROXY redirect 0.0.0.0:3128

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

if any extra info is needed i have no problem to postit! 


Thnxs all!!
Facundo Vilarnovo

-----Mensaje original-----
De: zulkarnain [mailto:[EMAIL PROTECTED] 
Enviado el: Martes, 15 de Mayo de 2007 11:22 p.m.
Para: Facundo Vilarnovo; squid-users@squid-cache.org
CC: Nicolas Royo
Asunto: RE: [squid-users] Really transparent proxy


--- Facundo Vilarnovo <[EMAIL PROTECTED]> wrote:
>       Now we got squid+wccp+tproxy module working but,
> some sites like http://www.whatsmyipaddress.com/
> shows the client origin ip address (that's correct)
> and ALSO shows that is behind and PROXY!, any ideas
> of what can be wrong?, if is needed we may post our
> configuration file of squid!
> 

Have you turn OFF "via" and "forwarded_for" on your
squid.conf?

-Zul


 
________________________________________________________________________
____________
The fish are biting. 
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php

RE: [squid-users] Really transparent proxy

Reply via email to