Hi Eliezer,
This would be the output of your script. This is not CentOS so some
things have failed... and I just obscured the public IP related data.
I tried adding the rule you proposed (as you may see in the output), but
unfortunately it made no difference, I'm still having the redirect loop.
==================== terminal type:
xterm
==================== SHELL type:
/bin/bash
==================== kernel and machine info:
Linux vps81276 2.6.32-042stab092.2 #1 SMP Tue Jul 8 10:35:55 MSK 2014 x86_64 x86_64 x86_64 GNU/Linux
./basic_data.sh: line 48: green_mesage: command not found
./basic_data.sh: line 49: sestatus: command not found
==================== iptables rules:
# Generated by iptables-save v1.4.21 on Thu Jul 17 07:35:34 2014
*nat
:PREROUTING ACCEPT [26:1878]
:POSTROUTING ACCEPT [37:2588]
:OUTPUT ACCEPT [35:2468]
-A OUTPUT -p tcp -m owner --uid-owner 13 -m tcp --dport 3128 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu Jul 17 07:35:34 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 07:35:34 2014
*mangle
:PREROUTING ACCEPT [1063:131533]
:INPUT ACCEPT [1063:131533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [887:158471]
:POSTROUTING ACCEPT [887:158471]
COMMIT
# Completed on Thu Jul 17 07:35:34 2014
# Generated by iptables-save v1.4.21 on Thu Jul 17 07:35:34 2014
*filter
:INPUT ACCEPT [1063:131533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [887:158471]
COMMIT
# Completed on Thu Jul 17 07:35:34 2014
==================== tproxy module loaded?:
==================== routes are:
10.10.0.2 dev tun0 proto kernel scope link src 10.10.0.1
PUBLIC-IP-GATEWAY/24 dev venet0 proto kernel scope link src PUBLIC-IP
10.10.0.0/24 via 10.10.0.2 dev tun0
default dev venet0 scope link
==================== registered route tables:
255 local
254 main
253 default
0 unspec
==================== tproxy route table:
==================== ip policy rules:
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
==================== links info:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT
link/void
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 100
link/none
==================== ip addresses:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/void
inet 127.0.0.2/32 scope host venet0
inet PUBLIC-IP/24 brd PUBLIC-IP-BROADCAST scope global venet0:0
inet6 2001:41d0:52:d00::265/56 scope global
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/none
inet 10.10.0.1 peer 10.10.0.2/32 scope global tun0
==================== arp list:
==================== listening TCP sockets:
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 0 10.10.0.1:53 *:* users:(("named",800,24))
LISTEN 0 0 PUBLIC-IP:53 *:* users:(("named",800,23))
LISTEN 0 0 127.0.0.2:53 *:* users:(("named",800,22))
LISTEN 0 0 127.0.0.1:53 *:* users:(("named",800,21))
LISTEN 0 0 *:22 *:* users:(("sshd",713,3))
LISTEN 0 0 *:3127 *:* users:(("squid3",739,10))
LISTEN 0 0 *:3128 *:* users:(("squid3",739,9))
LISTEN 0 0 *:25 *:* users:(("smtpd",1678,6),("master",930,12))
LISTEN 0 0 127.0.0.1:953 *:* users:(("named",800,25))
LISTEN 0 0 :::53 :::* users:(("named",800,20))
LISTEN 0 0 :::22 :::* users:(("sshd",713,4))
LISTEN 0 0 :::25 :::* users:(("smtpd",1678,7),("master",930,13))
LISTEN 0 0 ::1:953 :::* users:(("named",800,26))
==================== ulimit soft:
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 256184
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 4096
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 256184
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
==================== ulimit hard:
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 256184
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 256184
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
==================== could not find squid binary file
==================== squid.conf was not found in the default location
==================== could not find yum binary file
Thanks!
On 16/07/2014 23:06, Eliezer Croitoru wrote:
> Will be is one thing...
> In any case, just run the script I gave you to get the basic
> information from the OS; it is good enough for IP addresses etc.
>
> The rule I gave you should be on the OUTPUT as iptables claims.
> I am not yet sure about the network structure and therefore not sure
> about the issue.
> Do not try to intercept port 8080 for google because it won't work and
> the response is good for that
>
> Eliezer
>
> On 07/16/2014 08:50 PM, Nicolás wrote:
>> I just realized that part 5 minutes ago... Sorry for the nuisance! In my
>> case I need to use as a proxy a different machine because otherwise I'd
>> have to set one per client with the same rules, which seems not very
>> scalable. The final schema would be this:
>>
>> Client 1 \
>> Client 2 \
>> Client 3 -> squid3 server -> internet
>> Client 4 /
>> Client 5 /
>>
>> Also, the server running squid3 as transparent proxy would be under a
>> different public IP and router than the clients (a remote server...
>> requirement of my company), and all of them are using just one network
>> interface. What iptables rules would I need to achieve this scenario?
>>
>> Thanks!
>
Received on Thu Jul 17 2014 - 05:47:39 MDT
This archive was generated by hypermail 2.2.0 : Thu Jul 17 2014 - 12:00:04 MDT
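The thread turns on whether the nat table on the proxy box intercepts traffic at all and whether the proxy's own upstream connections are exempted from that interception. The checker below is an added example, not code from the thread or from Squid: it parses an iptables-save dump (including one that a mail client has line-wrapped, as in the output above), lists the nat REDIRECT/DNAT rules that send traffic to the proxy port, and flags any OUTPUT interception that is not preceded by an owner-match ACCEPT/RETURN. The sample dumps are constructed; the first copies the nat table from the script output in the mail, and the uid 13 and port 3128 it uses are the values shown there, which are assumed to be the proxy user and the Squid port on that box.

```python
"""Check an iptables-save dump for transparent-proxy interception in the nat
table and for the owner-based exemption that stops the proxy's own outbound
connections from being intercepted again (one way a redirect loop arises).

Added example; not code from the thread or from Squid. Sample dumps below
are constructed for the demonstration."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    chain: str
    text: str
    target: Optional[str]
    uid_owner: Optional[str]
    to_port: Optional[str]


def _opt(pattern: str, line: str) -> Optional[str]:
    m = re.search(pattern, line)
    return m.group(1) if m else None


def _unwrap(dump: str) -> list:
    """Re-join rule lines that a mail client wrapped, as in the thread's output."""
    lines = []
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[0] in "*:#-" or line == "COMMIT":
            lines.append(line)
        elif lines:
            lines[-1] += " " + line      # continuation of the previous rule
    return lines


def parse_iptables_save(dump: str) -> dict:
    """Return {table: [Rule, ...]} in rule order for every *table in the dump."""
    tables = {}
    current = None
    for line in _unwrap(dump):
        if line.startswith("*"):
            current = line[1:]
            tables[current] = []
        elif line.startswith("-A ") and current is not None:
            chain = line.split()[1]
            port = (_opt(r"--to-ports?\s+(\S+)", line)
                    or _opt(r"--to-destination\s+\S+:(\d+)", line))
            tables[current].append(Rule(chain, line,
                                        _opt(r"-j\s+(\S+)", line),
                                        _opt(r"--uid-owner\s+(\S+)", line),
                                        port))
        # ':CHAIN policy [pkts:bytes]', '#' comments and COMMIT carry no rules
    return tables


def check_interception(tables: dict, proxy_port: str = "3128") -> dict:
    """List nat REDIRECT/DNAT rules aimed at proxy_port; flag those in OUTPUT
    that no earlier owner-match ACCEPT/RETURN in OUTPUT exempts, because the
    proxy's own upstream connections would then be redirected back to it."""
    result = {"intercept": [], "guards": [], "unguarded": []}
    for rule in tables.get("nat", []):
        if rule.uid_owner and rule.target in ("ACCEPT", "RETURN"):
            result["guards"].append(rule.text)
        if rule.target in ("REDIRECT", "DNAT") and rule.to_port == proxy_port:
            result["intercept"].append(rule.text)
            if rule.chain == "OUTPUT" and not any(
                    g.startswith("-A OUTPUT ") for g in result["guards"]):
                result["unguarded"].append(rule.text)
    return result


# Constructed: the nat table as shown in the mail (wrapped by the mail client,
# containing only the proposed ACCEPT rule and no REDIRECT at all).
PAGE_NAT = """\
*nat
:PREROUTING ACCEPT [26:1878]
:POSTROUTING ACCEPT [37:2588]
:OUTPUT ACCEPT [35:2468]
-A OUTPUT -p tcp -m owner --uid-owner 13 -m tcp --dport 3128 -m
conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
COMMIT
"""

# Constructed: local interception with no owner exemption (loop-prone).
LOOPING_NAT = """\
*nat
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
"""

# Constructed: the exemption placed before the REDIRECT, so connections made
# by uid 13 (assumed proxy user) leave the box untouched.
GUARDED_NAT = """\
*nat
-A PREROUTING -i tun0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A OUTPUT -p tcp -m owner --uid-owner 13 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT
"""

if __name__ == "__main__":
    for name, dump in (("page", PAGE_NAT), ("looping", LOOPING_NAT),
                       ("guarded", GUARDED_NAT)):
        print(name, check_interception(parse_iptables_save(dump)))
```

Run against the dump from the mail it reports no interception rule in nat at all, so whatever is looping is not being redirected by this box's nat table; that narrows the search to the clients, the tun0 side, or a mangle/TPROXY setup, none of which the dump shows. Running it on a REDIRECT that lacks the owner exemption shows the rule ordering the exemption depends on.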