[squid-users] TPROXY Problems from Jamie Orzechowski on 2009-03-10 (squid-users)

From: Jamie Orzechowski <admin_at_ripnet.com>
Date: Tue, 10 Mar 2009 13:44:27 -0400

I think I have TPROXY working but running into some issues.
Checking my logs all my traffic shows up as a TCP_MISS

1236698452.579 79 66.78.98.194 TCP_MISS/200 542 GET
http://l1.zedo.com//log/p.gif? - DIRECT/72.247.244.10 image/gif
1236698452.634 293 66.78.98.194 TCP_MISS/200 4972 GET
http://blstb.msn.com/i/9B/DDD13A38CB8B34F4DFA3F7BFFF71.jpg -
DIRECT/192.221.114.124 image/jpeg
1236698452.878 100 66.78.98.194 TCP_MISS/200 1076 GET
http://h.foxsports.com/HG? - DIRECT/64.154.81.231 image/gif
1236698453.367 252 66.78.98.194 TCP_MISS/200 1368 GET
http://www.myinternetservices.com/live/visitor/index.php? -
DIRECT/72.232.167.111 image/gif
1236698454.087 13 66.78.98.194 TCP_MISS/200 812 GET
http://weyedata.pelmorex.com/WeatherEye/ObsData/CAON0090.xml -
DIRECT/207.96.160.37 text/xml
1236698455.251 116 66.78.98.194 TCP_MISS/200 1368 GET
http://www.myinternetservices.com/live/visitor/index.php? -
DIRECT/72.232.167.111 image/gif
1236698456.570 6451 66.78.98.194 TCP_MISS/200 45898 GET
http://www.facebook.com/profile.php? - DIRECT/69.63.176.140 text/html
1236698456.876 77 66.78.98.194 TCP_MISS/200 2765 GET
http://profile.ak.facebook.com/v227/2005/50/q638320646_36.jpg -
DIRECT/209.170.91.178 image/jpeg

My iptables is the following

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t mangle -N DIVERT
/sbin/iptables -t mangle -A DIVERT -j MARK --set-mark 1
/sbin/iptables -t mangle -A DIVERT -j ACCEPT
/sbin/iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3129
//
any idea why I am not getting any TCP_HITS? ...

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=
Jamie Orzechowski - CCNA
RipNET Ltd. System/Network Administrator
Tel.: 613-342-3946 x294
THIS MESSAGE IS INTENDED ONLY FOR THE ADDRESSEE, IT MAY CONTAIN 
PRIVILEGED OR CONFIDENTIAL INFORMATION.  ANY UNAUTHORIZED DISCLOSURE IS 
STRICTLY PROHIBITED.  IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE 
NOTIFY ME IMMEDIATELY SO THAT I MAY CORRECT MY INTERNAL RECORDS.  PLEASE 
THEN DELETE THE ORIGINAL MESSAGE.
=-=-=-=-=-=-=-=-=-=-=-=-=

Received on Tue Mar 10 2009 - 17:44:42 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 10 2009 - 12:00:03 MDT