ICMP tcp port 80 unreachable [tos 0xc0] with Squid

Henrique Pantarotto (scanner@cepa.com.br)
Mon, 17 May 1999 09:31:40 -0300


Linux friends,

I'm trying to set up a transparent proxy with Cisco and Linux/Squid. I
first tried with RH5.2 and kernel 2.2.8, but it didn't work. When I tried
with the original kernel 2.0.36, it worked just fine. Then I switched back
to 2.2.8, and it didn't work again.

I posted this message at the Squid mailing-list, but they told me this
should really be a Linux Networking issue, and not a Squid problem.

At my CISCO router, I use "ip policy route-map" to forward all web queries
to my Linux/Squid box.

At the Linux box, I forward all web queries to port 3128, where Squid is
installed. This is done with ipchains this way:

ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REDIRECT 3128

But when I issue:

tcpdump -n -i eth0 src or dst 200.231.199.10 and proto ICMP

I get lots of lines like this:

17:29:16.470567 200.231.199.10 > 200.231.199.94: icmp: 200.239.234.31 tcp
port 80 unreachable [tos 0xc0]
17:29:16.474561 200.231.199.10 > 200.246.104.30: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:16.479707 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.483313 200.231.199.10 > 200.231.199.193: icmp: 200.211.190.120 tcp
port 80 unreachable [tos 0xc0]
17:29:16.509855 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.557626 200.231.199.10 > 200.231.199.94: icmp: 200.244.143.130 tcp
port 80 unreachable [tos 0xc0]
17:29:16.652598 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.669340 200.231.199.10 > 200.231.199.94: icmp: 200.239.234.31 tcp
port 80 unreachable [tos 0xc0]
17:29:16.682216 200.231.199.10 > 200.231.199.193: icmp: 200.246.5.92 tcp
port 80 unreachable [tos 0xc0]
17:29:16.701558 200.231.199.10 > 200.231.184.154: icmp: 200.236.96.3 tcp
port 80 unreachable [tos 0xc0]
17:29:16.712711 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.872140 200.231.199.10 > 200.231.199.193: icmp: 200.246.5.65 tcp
port 80 unreachable [tos 0xc0]
17:29:16.897651 200.231.199.10 > 200.246.104.30: icmp: 209.216.198.28 tcp
port 80 unreachable [tos 0xc0]
17:29:16.907305 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.978527 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:17.058339 200.231.199.10 > 200.246.104.14: icmp: 129.187.254.93 tcp
port 80 unreachable [tos 0xc0]
17:29:17.062938 200.231.199.10 > 200.231.199.193: icmp: 206.132.173.34 tcp
port 80 unreachable [tos 0xc0]

200.231.199.10 is the Linux/Squid box. 200.246.104.0/24, 200.231.199.0/24
and 200.231.184.0/24 are my users.

Does anyone know what this could be? Is it a problem with kernel 2.2.x?
It works with 2.0.36, but not with 2.2.8. Is this possible?

Thanks!!

Henrique Pantarotto
Coord. Técnico Operacional
CEPAnet Internet Provider
Web: http://www.cepa.com.br
Tel. suporte: +55 (011) 5506-8477
Sao Paulo - Brasil
Linux Friend
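
Added example, not part of the original post: a small Python parser for the tcpdump output quoted above. It rejoins the mail-wrapped lines and tallies which client received a port-unreachable error for which original web server. The addresses and networks are the ones given in the post; the function names are my own.

```python
import ipaddress
import re
from collections import Counter

# Values taken from the post: the Linux/Squid box and the three user networks.
PROXY = "200.231.199.10"
USER_NETS = [ipaddress.ip_network(n) for n in
             ("200.246.104.0/24", "200.231.199.0/24", "200.231.184.0/24")]

# Excerpt of the capture from the post, still wrapped as the mail left it.
SAMPLE = """\
17:29:16.470567 200.231.199.10 > 200.231.199.94: icmp: 200.239.234.31 tcp
port 80 unreachable [tos 0xc0]
17:29:16.479707 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.509855 200.231.199.10 > 200.246.104.194: icmp: 192.160.13.190 tcp
port 80 unreachable [tos 0xc0]
17:29:16.701558 200.231.199.10 > 200.231.184.154: icmp: 200.236.96.3 tcp
port 80 unreachable [tos 0xc0]
"""

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
REC = re.compile(r"^\S+ (?P<src>[\d.]+) > (?P<dst>[\d.]+): icmp: "
                 r"(?P<target>[\d.]+) tcp port (?P<port>\d+) unreachable")

def unwrap(text):
    """Rejoin wrapped records; a new record always starts with a timestamp."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Count errors per (client, original destination, port) and check the sender."""
    pairs, senders, outside = Counter(), Counter(), set()
    for m in filter(None, map(REC.match, unwrap(text))):
        senders[m["src"]] += 1
        # dst = host receiving the ICMP error; target = destination of the rejected packet
        pairs[(m["dst"], m["target"], int(m["port"]))] += 1
        if not any(ipaddress.ip_address(m["dst"]) in net for net in USER_NETS):
            outside.add(m["dst"])
    return {"pairs": pairs, "senders": senders, "outside_user_nets": outside,
            "only_proxy": set(senders) == {PROXY}}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On this excerpt every error is sent by the Squid box to an address inside the user networks, and each one names a remote web server on port 80 as the unreachable destination.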
