I compiled Squid with custom options to support transparent
caching,(enable-ipf-transparent). I then proceeded to setup a transparent
redirect on the Cisco router for any web traffic from DNS1 (a unix server
using lynx,
web browser to test) which did not work. I
installed tcpdump on the squid server, and started it listening on
both dns1 and squid. The traffic pattern appears as follows:
(format SourceIP:SourcePort > DestinationIP:DestinationPort)
dns1:4567 > yahoo:80 (seen from tcpdump on dns1)
dns1:4567 > yahoo:80 (seen from tcpdump on squid)
yahoo:80 > dns1:4567 (seen on squid)
Initial connection is redirected by the router, squid sees the packet
come to it, then forwards the request on unchanged. A second
later, Squid sees the reply from yahoo, routed to itself by the
router, but the destination is to dns1 so it ignores it.
I believe that squid should be changing the source ip to itself, get
the reply and then forward it back to original client (dns1 in this
case) looking something more like this:
dns1:4567 > yahoo:80 (tcpdump on dns1)
(router redirects to squid)
dns1:4567 > yahoo:80 (tcpdump on squid)
(squid grabs URL, makes a request to yahoo, forwards)
squid:4567 > yahoo:80 (tcpdump on squid)
yahoo:80 > squid:4567 (yahoo replies to squid)
(squid changes destination, forwards)
squid:80 > dns1:4567 (sends dns1 yahoo's response)
Squid is running on port 80 and I've added the following lines to ipfw:
00049 allow tcp from 207.189.128.5 to any
00050 fwd 127.0.0.1 tcp from any to any 80 out recv sis0 xmit sis0
00200 allow log ip from any to any
So it appears that Squid is not correctly obtaining the URL from the
clients. This is likely something to do with the firewall rules on
squid, but I've got them setup exactly as documentation states, so
I'm still looking for answers. Let me know if you have any
questions or suggestions.
Thanks,
--Tim
===============================================
Timothy M. Wolfe CCSE/NSA/CCNA
Sr. Security Engineer tim@ignw.com
InfoGroup Northwest 541.485.0957 x108
===============================================
Received on Thu Apr 19 2001 - 10:34:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:22 MST