Re: [squid-users] HTTPS & transparent proxy

From: Daniel EPEE LEA <epeelea@dont-contact.us>
Date: Sat, 11 Mar 2006 09:33:12 -0800

Henrik,

I have created a GRE tunnel, without success.

6: gre0: <NOARP,UP> mtu 1476 qdisc noqueue
    link/gre 0.0.0.0 brd 0.0.0.0
    inet 172.16.1.6/30 brd 172.16.1.7 scope global gre0
7: gre1@bond0: <POINTOPOINT,NOARP,UP> mtu 1476 qdisc noqueue
    link/gre cache.45 peer router.33
    inet 127.0.0.2/32 scope host gre1
---------------------
[root@cache ~]# iptunnel
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
gre0: gre/ip remote any local any ttl inherit nopmtudisc
gre1: gre/ip remote router.33 local cache.45 dev bond0 ttl inherit
------------------------
[root@cachedla ~]# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 2212 packets, 195K bytes)
 pkts bytes target prot opt in out source destination
   0 0 REDIRECT tcp -- gre0 any anywhere anywhere tcp dpt:http redir ports 3128
-------------------------
tcpdump

18:23:03.234100 IP cache45.ssh > client.1459: P 49676124:49676432(308) ack 250745 win 16744
18:23:03.234103 IP cache45.ssh > client.1459: P 49676124:49676432(308) ack 250745 win 16744
18:23:03.234162 IP cache45.ssh > client.1459: P 49676432:49676660(228) ack 250745 win 16744
18:23:03.234167 IP cache45.ssh > client.1459: P 49676432:49676660(228) ack 250745 win 16744
18:23:03.234214 IP client.1459 > cache45.ssh: . ack 49676124 win 61591
18:23:03.234225 IP cache45.ssh > client.1459: P 49676660:49676968(308) ack 250745 win 16744
18:23:03.234228 IP cache45.ssh > client.1459: P 49676660:49676968(308) ack 250745 win 16744
18:23:03.234283 IP cache45.ssh > client.1459: P 49676968:49677196(228) ack 250745 win 16744
18:23:03.234289 IP cache45.ssh > client.1459: P 49676968:49677196(228) ack 250745 win 16744
18:23:03.234338 IP client.1459 > cache45.ssh: . ack 49676660 win 61055
18:23:03.234349 IP cache45.ssh > client.1459: P 49677196:49677504(308) ack 250745 win 16744
18:23:03.234352 IP cache45.ssh > client.1459: P 49677196:49677504(308) ack 250745 win 16744
18:23:03.234410 IP cache45.ssh > client.1459: P 49677504:49677732(228) ack 250745 win 16744
18:23:03.234416 IP cache45.ssh > client.1459: P 49677504:49677732(228) ack 250745 win 16744
18:23:03.234463 IP client.1459 > cache45.ssh: . ack 49677196 win 60519
18:23:03.234474 IP cache45.ssh > client.1459: P 49677732:49677944(212) ack 250745 win 16744
18:23:03.234477 IP cache45.ssh > client.1459: P 49677732:49677944(212) ack 250745 win 16744
18:23:03.234537 IP cache45.ssh > client.1459: P 49677944:49678268(324) ack 250745 win 16744
18:23:03.234543 IP cache45.ssh > client.1459: P 49677944:49678268(324) ack 250745 win 16744
18:23:03.234592 IP client.1459 > cache45.ssh: . ack 49677732 win 59983
18:23:03.234591 IP router33 > cache45: gre-proto-0x883e
18:23:03.234610 IP cache45.ssh > client.1459: P 49678268:49678576(308) ack 250745 win 16744
18:23:03.234616 IP cache45.ssh > client.1459: P 49678268:49678576(308) ack 250745 win 16744
18:23:03.234591 IP client.2619 > 62.149.229.189.http: S 4293072232:4293072232(0) win 65535 <mss 1460,nop,nop,sackOK>

470495 packets captured
472300 packets received by filter
1750 packets dropped by kernel
------------------------------

[root@cachedla ~]# tcpdump -i any port 2048
tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
18:24:57.618905 IP cache45.2048 > router33.2048: UDP, length 52
18:24:57.619292 IP cache45.2048 > router33.2048: UDP, length 52
18:24:57.620627 IP router33.2048 > cache45.2048: UDP, length 64
18:25:08.572755 IP cache45.2048 > router33.2048: UDP, length 52
18:25:08.572762 IP cache45.2048 > router33.2048: UDP, length 52
18:25:08.574505 IP router33.2048 > cache45.2048: UDP, length 64
18:25:18.603899 IP cache45.2048 > router33.2048: UDP, length 52
18:25:18.603917 IP cache45.2048 > router33.2048: UDP, length 52
18:25:18.605682 IP router33.2048 > cache45.2048: UDP, length 64
18:25:28.627010 IP cache45.2048 > router33.2048: UDP, length 52
18:25:28.627017 IP cache45.2048 > router33.2048: UDP, length 52
18:25:28.628740 IP router33.2048 > cache45.2048: UDP, length 64
18 packets captured
21 packets received by filter
0 packets dropped by kernel
----------------------
        Total Authentication failures: 0
Router#sh ip wccp
Global WCCP information:
    Router information:
        Router Identifier: 195.24.216.33
        Protocol Version: 1.0

    Service Identifier: web-cache
        Number of Cache Engines: 1
        Number of routers: 1
        Total Packets Redirected: 13211
        Process: 4598
        Fast: 0
        CEF: 8613
        Redirect access-list: -none-
        Total Packets Denied Redirect: 0
        Total Packets Unassigned: 0
        Group access-list: -none-
        Total Messages Denied to Group: 0
        Total Authentication failures: 0
Router#

Henrik, can you help me see what I am missing?

Much Regards,

Dan
Received on Sat Mar 11 2006 - 10:33:14 MST