if transparent proxying stops working and the process behind runs, then
probably the rule table has been changed.
If you're alone with the machine, do the following steps :
- Zero out all rule counters (ipchains -Z)
- watch the syslog (e.g. tail -f /var/log/messages)
- make a proxy connection try (e.g. lynx http://www.linuxwall.de)
- after that failed, check the rule counters
(ipchains -L [{input|output}] -v -n)
You see which rules triggered and see what syslog said.
With an analysis of those informations you should be able to isolate the
problem.
Also do a netstat -a -n to seee if the proxy is listening.
For me a "salvation rule" was very helpful :
ipchains -A {input|forward|output} -j DENY -l
as the last rule in each chain logs every unidentified packet passed so
far.
Mit freundlichen Grüßen / king regards
Frank Bernard
Frank Bernard Informationstechnik GmbH
vanity +49 700 FIREWALL (0700 FIREWALL) phone : +49 69 477169
Dipl.-Inform. Frank Bernard fax : +49 69 47885616
Wehrheimerstr. 9 email : fb@fbit.de
60389 Frankfurt www : http://www.fbit.de
Germany http://www.linuxwall.de
On Mon, 29 Nov 1999, Robert Cohen wrote:
>
> I'm having a weird problem with squid 2.2stable5.
> I have it set up as a transparent proxy on a 2.2.13 box.
> I'm using IP chains to redirect port 80 requests to the proxy on port
> 8080.
> I have IP forwarding enabled and am using the following ipchains command
>
> /sbin/ipchains -A input -j REDIRECT 8080 -p tcp -s 203.37.38.0/24 -d
> 0.0.0.0/0 80
>
> The weird thing is that it works fine for about a day then stops
> working.
> No obvious error messages in logs.
> The proxy still works if I contact it explicitly on the proxy port
> rather than using the transparent functionality.
> So networking is still working.
>
> I get an error message back from the squid about "connection lifetime
> exceeded". So the redirection is still working to some extent as the
> request is reaching the squid.
>
> I dont think its a squid problem as such as the same version works fine
> under kernel 2.0.36.
> And when the problem occurs, squid is still working.
>
> So it seems to be some sort of interaction between the IP redirection
> and squid.
> A reboot fixes it, but stopping and restarting squid doesnt.
>
> I'm trying 2.2.14pre9 at the moment to see if it fixes it.
> I notice that the changes for for 2.2.14pre mentions a transproxy fix.
>
> Does anyone know if that transproxy problem is likely to have these
> symptoms.
> Does anyone have any other suggestions as to what could be causing this.
>
> --
> Robert Cohen - Network Administrator
> Apex Internet
> robert@apex.net.au http://www.apex.net.au
> Ph (02) 6247 2000 Fax: (02) 6247 2711
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.rutgers.edu
> Please read the FAQ at http://www.tux.org/lkml/
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/