* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
[not found] <200401100026.01870.Alistair Tonner <>
@ 2004-01-12 20:04 ` Peter Schobel
2004-01-12 20:57 ` Peter Schobel
0 siblings, 1 reply; 24+ messages in thread
From: Peter Schobel @ 2004-01-12 20:04 UTC (permalink / raw)
To: netfilter
it appears to me as if it's redirecting to port 3128 but its not
getting a reply from squid - the squid access log does not show the
access at all as if it never received the packet
Jan 12 14:52:21 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
DST=216.239.37.104 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF
PROTO=TCP SPT=53036 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:21 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:24 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47717 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:27 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47719 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:30 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47721 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:33 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47724 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:36 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47726 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:42 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47739 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
Jan 12 14:52:54 proxyhost IN=eth0 OUT=
MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47743 DF PROTO=TCP
SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
On Saturday, January 10, 2004, at 12:26 AM, Alistair Tonner wrote:
>
> Have you tried LOGging the INPUT chain for both 80 and 3128?
> Or, perhaps more thorough, put a LOG rule in PREROUTING
> before the REDIRECT/DNAT rule to log what you will change,
> and since your destination is local, a LOG rule at the top of INPUT
> to catch *everything* for the interim? -- then see at what point
> the packets are actually disappearing.
>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-12 20:04 ` Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel Peter Schobel
@ 2004-01-12 20:57 ` Peter Schobel
2004-01-12 21:31 ` John A. Sullivan III
0 siblings, 1 reply; 24+ messages in thread
From: Peter Schobel @ 2004-01-12 20:57 UTC (permalink / raw)
To: netfilter
If i access the proxyhost directly on port 80 i can see the request to
the local host on 3128 and then i see a request from the local host to
the remote proxy site and everything works fine - the squid log shows
the access. I'm not really sure what to do at this point i've been
trying any rule i can think of and i have a bunch of logging rules in
now to try to figure out what's going wrong but i'm not getting any
more information than what you see below.
If i can't get this working by the end of the night, i'll probably have
no choice but to format reinstall and try to get back to a working
configuration which i really don't want to do because i have a lot of
software installed and configured on that machine that i will have to
rebuild.
Peter Schobel
~
On Monday, January 12, 2004, at 03:04 PM, Peter Schobel wrote:
> it appears to me as if it's redirecting to port 3128 but its not
> getting a reply from squid - the squid access log does not show the
> access at all as if it never received the packet
>
>
> Jan 12 14:52:21 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
> DST=216.239.37.104 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF
> PROTO=TCP SPT=53036 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:21 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
> DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:24 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47717 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:27 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47719 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:30 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47721 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:33 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47724 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:36 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47726 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:42 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47739 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> Jan 12 14:52:54 proxyhost IN=eth0 OUT=
> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47743 DF PROTO=TCP
> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>
> On Saturday, January 10, 2004, at 12:26 AM, Alistair Tonner wrote:
>>
>> Have you tried LOGging the INPUT chain for both 80 and 3128?
>> Or, perhaps more thorough, put a LOG rule in PREROUTING
>> before the REDIRECT/DNAT rule to log what you will change,
>> and since your destination is local, a LOG rule at the top of INPUT
>> to catch *everything* for the interim? -- then see at what point
>> the packets are actually disappearing.
>>
>
>
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-12 20:57 ` Peter Schobel
@ 2004-01-12 21:31 ` John A. Sullivan III
2004-01-12 22:45 ` Peter Schobel
0 siblings, 1 reply; 24+ messages in thread
From: John A. Sullivan III @ 2004-01-12 21:31 UTC (permalink / raw)
To: Peter Schobel; +Cc: netfilter
Hmmm . . . your rules do indeed look wide open. Have you double checked
silly things like making sure all the policies are ACCEPT and squid can
resolve names using DNS? Is there any chance that squid does not like
2.6?
On Mon, 2004-01-12 at 15:57, Peter Schobel wrote:
> If i access the proxyhost directly on port 80 i can see the request to
> the local host on 3128 and then i see a request from the local host to
> the remote proxy site and everything works fine - the squid log shows
> the access. I'm not really sure what to do at this point i've been
> trying any rule i can think of and i have a bunch of logging rules in
> now to try to figure out what's going wrong but i'm not getting any
> more information than what you see below.
>
> If i can't get this working by the end of the night, i'll probably have
> no choice but to format reinstall and try to get back to a working
> configuration which i really don't want to do because i have a lot of
> software installed and configured on that machine that i will have to
> rebuild.
>
> Peter Schobel
> ~
>
> On Monday, January 12, 2004, at 03:04 PM, Peter Schobel wrote:
>
> > it appears to me as if it's redirecting to port 3128 but its not
> > getting a reply from squid - the squid access log does not show the
> > access at all as if it never received the packet
> >
> >
> > Jan 12 14:52:21 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
> > DST=216.239.37.104 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF
> > PROTO=TCP SPT=53036 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:21 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
> > DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:24 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> > 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47717 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:27 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> > 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47719 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:30 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> > 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47721 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:33 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> > 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47724 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:36 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> > 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47726 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:42 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> > 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47739 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> > Jan 12 14:52:54 proxyhost IN=eth0 OUT=
> > MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> > 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47743 DF PROTO=TCP
> > SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >
> > On Saturday, January 10, 2004, at 12:26 AM, Alistair Tonner wrote:
> >>
> >> Have you tried LOGging the INPUT chain for both 80 and 3128?
> >> Or, perhaps more thorough, put a LOG rule in PREROUTING
> >> before the REDIRECT/DNAT rule to log what you will change,
> >> and since your destination is local, a LOG rule at the top of INPUT
> >> to catch *everything* for the interim? -- then see at what point
> >> the packets are actually disappearing.
> >>
> >
> >
> >
> *****************************
> Peter Schobel
> Network Administrator
> Porchlight.ca
> Unlimited Internet
> *****************************
> In a world without walls or fences
> We will have no need for gates or windows
> *****************************
--
John A. Sullivan III
Chief Technology Officer
Nexus Management
+1 207-985-7880
john.sullivan@nexusmgmt.com
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-12 21:31 ` John A. Sullivan III
@ 2004-01-12 22:45 ` Peter Schobel
2004-01-13 5:47 ` Arthur Meyer
0 siblings, 1 reply; 24+ messages in thread
From: Peter Schobel @ 2004-01-12 22:45 UTC (permalink / raw)
To: netfilter
yes all policies are set to ACCEPT and I assume that squid is working
fine since it works well by using the proxyhost on port 80 and 3128 or
by manually configuring the proxy in the browser
On Monday, January 12, 2004, at 04:31 PM, John A. Sullivan III wrote:
> Hmmm . . . your rules do indeed look wide open. Have you double
> checked
> silly things like making sure all the policies are ACCEPT and squid can
> resolve names using DNS? Is there any chance that squid does not like
> 2.6?
>
> On Mon, 2004-01-12 at 15:57, Peter Schobel wrote:
>> If i access the proxyhost directly on port 80 i can see the request to
>> the local host on 3128 and then i see a request from the local host to
>> the remote proxy site and everything works fine - the squid log shows
>> the access. I'm not really sure what to do at this point i've been
>> trying any rule i can think of and i have a bunch of logging rules in
>> now to try to figure out what's going wrong but i'm not getting any
>> more information than what you see below.
>>
>> If i can't get this working by the end of the night, i'll probably
>> have
>> no choice but to format reinstall and try to get back to a working
>> configuration which i really don't want to do because i have a lot of
>> software installed and configured on that machine that i will have to
>> rebuild.
>>
>> Peter Schobel
>> ~
>>
>> On Monday, January 12, 2004, at 03:04 PM, Peter Schobel wrote:
>>
>>> it appears to me as if it's redirecting to port 3128 but its not
>>> getting a reply from squid - the squid access log does not show the
>>> access at all as if it never received the packet
>>>
>>>
>>> Jan 12 14:52:21 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
>>> DST=216.239.37.104 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF
>>> PROTO=TCP SPT=53036 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:21 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
>>> DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:24 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
>>> 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47717 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:27 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
>>> 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47719 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:30 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
>>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47721 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:33 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
>>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47724 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:36 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
>>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47726 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:42 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
>>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47739 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>> Jan 12 14:52:54 proxyhost IN=eth0 OUT=
>>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
>>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47743 DF PROTO=TCP
>>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
>>>
>>> On Saturday, January 10, 2004, at 12:26 AM, Alistair Tonner wrote:
>>>>
>>>> Have you tried LOGging the INPUT chain for both 80 and 3128?
>>>> Or, perhaps more thorough, put a LOG rule in PREROUTING
>>>> before the REDIRECT/DNAT rule to log what you will change,
>>>> and since your destination is local, a LOG rule at the top of INPUT
>>>> to catch *everything* for the interim? -- then see at what point
>>>> the packets are actually disappearing.
>>>>
>>>
>>>
>>>
>> *****************************
>> Peter Schobel
>> Network Administrator
>> Porchlight.ca
>> Unlimited Internet
>> *****************************
>> In a world without walls or fences
>> We will have no need for gates or windows
>> *****************************
> --
> John A. Sullivan III
> Chief Technology Officer
> Nexus Management
> +1 207-985-7880
> john.sullivan@nexusmgmt.com
>
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-12 22:45 ` Peter Schobel
@ 2004-01-13 5:47 ` Arthur Meyer
0 siblings, 0 replies; 24+ messages in thread
From: Arthur Meyer @ 2004-01-13 5:47 UTC (permalink / raw)
To: netfilter
Have you compiled netfilter with the option --with linux netfilter and set the
transparent proxy instructions in squid?
Arthur
On Monday 12 January 2004 23:45, Peter Schobel wrote:
> yes all policies are set to ACCEPT and I assume that squid is working
> fine since it works well by using the proxyhost on port 80 and 3128 or
> by manually configuring the proxy in the browser
>
> On Monday, January 12, 2004, at 04:31 PM, John A. Sullivan III wrote:
> > Hmmm . . . your rules do indeed look wide open. Have you double
> > checked
> > silly things like making sure all the policies are ACCEPT and squid can
> > resolve names using DNS? Is there any chance that squid does not like
> > 2.6?
> >
> > On Mon, 2004-01-12 at 15:57, Peter Schobel wrote:
> >> If i access the proxyhost directly on port 80 i can see the request to
> >> the local host on 3128 and then i see a request from the local host to
> >> the remote proxy site and everything works fine - the squid log shows
> >> the access. I'm not really sure what to do at this point i've been
> >> trying any rule i can think of and i have a bunch of logging rules in
> >> now to try to figure out what's going wrong but i'm not getting any
> >> more information than what you see below.
> >>
> >> If i can't get this working by the end of the night, i'll probably
> >> have
> >> no choice but to format reinstall and try to get back to a working
> >> configuration which i really don't want to do because i have a lot of
> >> software installed and configured on that machine that i will have to
> >> rebuild.
> >>
> >> Peter Schobel
> >> ~
> >>
> >> On Monday, January 12, 2004, at 03:04 PM, Peter Schobel wrote:
> >>> it appears to me as if it's redirecting to port 3128 but its not
> >>> getting a reply from squid - the squid access log does not show the
> >>> access at all as if it never received the packet
> >>>
> >>>
> >>> Jan 12 14:52:21 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
> >>> DST=216.239.37.104 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF
> >>> PROTO=TCP SPT=53036 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:21 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163
> >>> DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47715 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:24 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> >>> 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47717 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:27 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> >>> 10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=47719 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:30 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> >>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47721 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:33 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> >>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47724 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:36 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> >>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47726 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:42 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> >>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47739 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>> Jan 12 14:52:54 proxyhost IN=eth0 OUT=
> >>> MAC=00:04:75:fb:a6:e1:00:d0:52:04:43:5a:08:00 SRC=64.187.35.163 DST=
> >>> 10.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=63 ID=47743 DF PROTO=TCP
> >>> SPT=53036 DPT=3128 WINDOW=8192 RES=0x00 SYN URGP=0
> >>>
> >>> On Saturday, January 10, 2004, at 12:26 AM, Alistair Tonner wrote:
> >>>> Have you tried LOGging the INPUT chain for both 80 and 3128?
> >>>> Or, perhaps more thorough, put a LOG rule in PREROUTING
> >>>> before the REDIRECT/DNAT rule to log what you will change,
> >>>> and since your destination is local, a LOG rule at the top of INPUT
> >>>> to catch *everything* for the interim? -- then see at what point
> >>>> the packets are actually disappearing.
> >>
> >> *****************************
> >> Peter Schobel
> >> Network Administrator
> >> Porchlight.ca
> >> Unlimited Internet
> >> *****************************
> >> In a world without walls or fences
> >> We will have no need for gates or windows
> >> *****************************
> >
> > --
> > John A. Sullivan III
> > Chief Technology Officer
> > Nexus Management
> > +1 207-985-7880
> > john.sullivan@nexusmgmt.com
>
> *****************************
> Peter Schobel
> Network Administrator
> Porchlight.ca
> Unlimited Internet
> *****************************
> In a world without walls or fences
> We will have no need for gates or windows
> *****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-11 17:00 ` Mark E. Donaldson
@ 2004-01-12 20:09 ` Peter Schobel
0 siblings, 0 replies; 24+ messages in thread
From: Peter Schobel @ 2004-01-12 20:09 UTC (permalink / raw)
To: netfilter
I tried your rule - it didn't help but from my understanding i
shouldn't need rules like that since my input , output and forward
policies are set to default ACCEPT
Peter Schobel
On Sunday, January 11, 2004, at 12:00 PM, Mark E. Donaldson wrote:
> I haven't been following all of this Peter, but it would seem you now
> need
> to add a rule allow the packets to get through the FORWARD chain now
> that
> they have been successfully REDIRECTED. Try something like:
>
> $IPT -t filter -A FORWARD -i eth0 -p tcp --dport 3128 -j ACCEPT
>
> -----Original Message-----
> From: netfilter-admin@lists.netfilter.org
> [mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Peter Schobel
> Sent: Friday, January 09, 2004 6:09 PM
> To: netfilter@lists.netfilter.org
> Subject: Re: Problems with Transparent Proxy using IPTables, Squid and
> 2.6
> kernel
>
> ok, I removed the error line and the cat autoconf line from the
> config.h and
> got iptables 1.2.9 to compile against my kernel source and headers and
> reinstalled
>
> if i turn on ip_forward and try to access external sites, i get
> forwarded
> through to the external page without problem
>
> if i enable the iptables rule
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> --to-port 3128
>
> my pages just time out when i try to access external sites
>
> but if i try to access the proxyhost directly using http, it redirects
> me to
> the proxy site without problem
>
> i get exactly the same results using this rule
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT
> --to-destination
> $LOCALHOST:3128
>
> does anyone have any idea why traffic destined for external sites will
> not
> transparently redirect to squid for me?
>
> does anyone have any idea as to what further steps I can take to
> troubleshoot this problem?
>
> Thx in advance,
>
> Peter Schobel
>
> On Thursday, January 8, 2004, at 09:33 PM, Alistair Tonner wrote:
>
>> On January 8, 2004 03:05 pm, Peter Schobel wrote:
>>> ok, I downloaded the source ball for iptables 1.2.9, and compiled
>>> using
>>>
>>> make KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>>>
>>> i got an error from config.h telling me to use the glibc version so i
>>> symlinked /usr/src/linux-2.6.0-1.107 to /usr/include/linux/config.h
>>>
>>> then i compiled successfully and installed using
>>>
>>> make install KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>>>
>>> without incident
>>>
>>> i checked the timestamp on the iptables binary to make sure that it
>>> had been overwritten
>>>
>>> I rmmod'd all the iptables modules and then reloaded my iptables rule
>>>
>>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>>> --to-port 3128
>>>
>>
>> Ummm ... I don't understand where the error came from.... I'm using
> a
>> slackware based box with many upgrades
>> (gcc glibc binutils and modutils....) my switch from 2.4.23 to 2.6.0
>
>> required a binutils and modutils
>> upgrade FIRST -- I would hope that RPM dependencies are in place to
>> enforce this as it will likely
>> apply to your situation ... when I rebuilt iptables source it went
>> painlessly --- no error from config.h.
>>
>> I *DONT* like the relink .. I've a feeling this will break some
>> inportant defines....
>>
>> what do you get for modprobe --version and ld -v ?
>> I suspect your modutils is incorrect for 2.6.0
>>
>>> lsmod gives me
>>>
>>> Module Size Used by
>>> ipt_REDIRECT 2048 1
>>> iptable_nat 20140 2 ipt_REDIRECT
>>> ip_tables 15104 2 ipt_REDIRECT,iptable_nat
>>> ip_conntrack 28464 2 ipt_REDIRECT,iptable_nat
>>>
>>> iptables -t nat -L gives me
>>>
>>> Chain PREROUTING (policy ACCEPT)
>>> target prot opt source destination
>>> REDIRECT tcp -- anywhere anywhere tcp
>>> dpt:http redir ports 3128
>>>
>>> Chain POSTROUTING (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> Chain OUTPUT (policy ACCEPT)
>>> target prot opt source destination
>>>
>>> testing it reveals that it is still not working - did i do anything
>>> wrong in the above steps? what further steps would you recommend to
>>> troubleshoot this problem?
>>>
>>> Peter Schobel
>>> ~
>>
>>
> *****************************
> Peter Schobel
> Network Administrator
> Porchlight.ca
> Unlimited Internet
> *****************************
> In a world without walls or fences
> We will have no need for gates or windows
> *****************************
>
>
>
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* RE: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-10 2:08 ` Peter Schobel
2004-01-10 5:26 ` Unknown, Alistair Tonner
@ 2004-01-11 17:00 ` Mark E. Donaldson
2004-01-12 20:09 ` Peter Schobel
1 sibling, 1 reply; 24+ messages in thread
From: Mark E. Donaldson @ 2004-01-11 17:00 UTC (permalink / raw)
To: 'Peter Schobel', netfilter
I haven't been following all of this Peter, but it would seem you now need
to add a rule allow the packets to get through the FORWARD chain now that
they have been successfully REDIRECTED. Try something like:
$IPT -t filter -A FORWARD -i eth0 -p tcp --dport 3128 -j ACCEPT
-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Peter Schobel
Sent: Friday, January 09, 2004 6:09 PM
To: netfilter@lists.netfilter.org
Subject: Re: Problems with Transparent Proxy using IPTables, Squid and 2.6
kernel
ok, I removed the error line and the cat autoconf line from the config.h and
got iptables 1.2.9 to compile against my kernel source and headers and
reinstalled
if i turn on ip_forward and try to access external sites, i get forwarded
through to the external page without problem
if i enable the iptables rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
my pages just time out when i try to access external sites
but if i try to access the proxyhost directly using http, it redirects me to
the proxy site without problem
i get exactly the same results using this rule
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination
$LOCALHOST:3128
does anyone have any idea why traffic destined for external sites will not
transparently redirect to squid for me?
does anyone have any idea as to what further steps I can take to
troubleshoot this problem?
Thx in advance,
Peter Schobel
On Thursday, January 8, 2004, at 09:33 PM, Alistair Tonner wrote:
> On January 8, 2004 03:05 pm, Peter Schobel wrote:
>> ok, I downloaded the source ball for iptables 1.2.9, and compiled
>> using
>>
>> make KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>>
>> i got an error from config.h telling me to use the glibc version so i
>> symlinked /usr/src/linux-2.6.0-1.107 to /usr/include/linux/config.h
>>
>> then i compiled successfully and installed using
>>
>> make install KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>>
>> without incident
>>
>> i checked the timestamp on the iptables binary to make sure that it
>> had been overwritten
>>
>> I rmmod'd all the iptables modules and then reloaded my iptables rule
>>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>> --to-port 3128
>>
>
> Ummm ... I don't understand where the error came from.... I'm using
a
> slackware based box with many upgrades
> (gcc glibc binutils and modutils....) my switch from 2.4.23 to 2.6.0
> required a binutils and modutils
> upgrade FIRST -- I would hope that RPM dependencies are in place to
> enforce this as it will likely
> apply to your situation ... when I rebuilt iptables source it went
> painlessly --- no error from config.h.
>
> I *DONT* like the relink .. I've a feeling this will break some
> inportant defines....
>
> what do you get for modprobe --version and ld -v ?
> I suspect your modutils is incorrect for 2.6.0
>
>> lsmod gives me
>>
>> Module Size Used by
>> ipt_REDIRECT 2048 1
>> iptable_nat 20140 2 ipt_REDIRECT
>> ip_tables 15104 2 ipt_REDIRECT,iptable_nat
>> ip_conntrack 28464 2 ipt_REDIRECT,iptable_nat
>>
>> iptables -t nat -L gives me
>>
>> Chain PREROUTING (policy ACCEPT)
>> target prot opt source destination
>> REDIRECT tcp -- anywhere anywhere tcp
>> dpt:http redir ports 3128
>>
>> Chain POSTROUTING (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> testing it reveals that it is still not working - did i do anything
>> wrong in the above steps? what further steps would you recommend to
>> troubleshoot this problem?
>>
>> Peter Schobel
>> ~
>
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-10 2:08 ` Peter Schobel
@ 2004-01-10 5:26 ` Unknown, Alistair Tonner
2004-01-11 17:00 ` Mark E. Donaldson
1 sibling, 0 replies; 24+ messages in thread
From: Unknown, Alistair Tonner @ 2004-01-10 5:26 UTC (permalink / raw)
To: Peter Schobel, netfilter
On January 9, 2004 09:08 pm, Peter Schobel wrote:
> ok, I removed the error line and the cat autoconf line from the
> config.h and got iptables 1.2.9 to compile against my kernel source and
> headers and reinstalled
>
> if i turn on ip_forward and try to access external sites, i get
> forwarded through to the external page without problem
>
> if i enable the iptables rule
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> --to-port 3128
>
> my pages just time out when i try to access external sites
>
> but if i try to access the proxyhost directly using http, it redirects
> me to the proxy site without problem
>
> i get exactly the same results using this rule
>
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT
> --to-destination $LOCALHOST:3128
>
> does anyone have any idea why traffic destined for external sites will
> not transparently redirect to squid for me?
>
> does anyone have any idea as to what further steps I can take to
> troubleshoot this problem?
>
Have you tried LOGging the INPUT chain for both 80 and 3128?
Or, perhaps more thorough, put a LOG rule in PREROUTING
before the REDIRECT/DNAT rule to log what you will change,
and since your destination is local, a LOG rule at the top of INPUT
to catch *everything* for the interim? -- then see at what point
the packets are actually disappearing.
I'm not sure I understand why this should be a problem...
FWIW -- when I rebuilt iptables (1.2.9) against kernel 2.6.0 my
/usr/include/linux contained the headers from a 2.4.19 kernel .. .and
this is what my gcc was built against. I believe that you need to have
the /usr/include/linux that existed when gcc was built in there ... but
someone who knows more about compilers than I might thump me on the
skull for that ... I'm *NOT* 100% sure about the interdependencies...
Alistair Tonner ...
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
[not found] <200401082133.38574.Alistair Tonner <>
2004-01-09 3:58 ` Peter Schobel
@ 2004-01-10 2:08 ` Peter Schobel
2004-01-10 5:26 ` Unknown, Alistair Tonner
2004-01-11 17:00 ` Mark E. Donaldson
1 sibling, 2 replies; 24+ messages in thread
From: Peter Schobel @ 2004-01-10 2:08 UTC (permalink / raw)
To: netfilter
ok, I removed the error line and the cat autoconf line from the
config.h and got iptables 1.2.9 to compile against my kernel source and
headers and reinstalled
if i turn on ip_forward and try to access external sites, i get
forwarded through to the external page without problem
if i enable the iptables rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
my pages just time out when i try to access external sites
but if i try to access the proxyhost directly using http, it redirects
me to the proxy site without problem
i get exactly the same results using this rule
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT
--to-destination $LOCALHOST:3128
does anyone have any idea why traffic destined for external sites will
not transparently redirect to squid for me?
does anyone have any idea as to what further steps I can take to
troubleshoot this problem?
Thx in advance,
Peter Schobel
On Thursday, January 8, 2004, at 09:33 PM, Alistair Tonner wrote:
> On January 8, 2004 03:05 pm, Peter Schobel wrote:
>> ok, I downloaded the source ball for iptables 1.2.9, and compiled
>> using
>>
>> make KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>>
>> i got an error from config.h telling me to use the glibc version so i
>> symlinked /usr/src/linux-2.6.0-1.107 to /usr/include/linux/config.h
>>
>> then i compiled successfully and installed using
>>
>> make install KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>>
>> without incident
>>
>> i checked the timestamp on the iptables binary to make sure that it
>> had
>> been overwritten
>>
>> I rmmod'd all the iptables modules and then reloaded my iptables rule
>>
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
>> --to-port 3128
>>
>
> Ummm ... I don't understand where the error came from.... I'm using a
> slackware based box with many upgrades
> (gcc glibc binutils and modutils....) my switch from 2.4.23 to 2.6.0
> required a binutils and modutils
> upgrade FIRST -- I would hope that RPM dependencies are in place to
> enforce this as it will likely
> apply to your situation ... when I rebuilt iptables source it went
> painlessly --- no error from config.h.
>
> I *DONT* like the relink .. I've a feeling this will break some
> inportant defines....
>
> what do you get for modprobe --version and ld -v ?
> I suspect your modutils is incorrect for 2.6.0
>
>> lsmod gives me
>>
>> Module Size Used by
>> ipt_REDIRECT 2048 1
>> iptable_nat 20140 2 ipt_REDIRECT
>> ip_tables 15104 2 ipt_REDIRECT,iptable_nat
>> ip_conntrack 28464 2 ipt_REDIRECT,iptable_nat
>>
>> iptables -t nat -L gives me
>>
>> Chain PREROUTING (policy ACCEPT)
>> target prot opt source destination
>> REDIRECT tcp -- anywhere anywhere tcp
>> dpt:http redir ports 3128
>>
>> Chain POSTROUTING (policy ACCEPT)
>> target prot opt source destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target prot opt source destination
>>
>> testing it reveals that it is still not working - did i do anything
>> wrong in the above steps? what further steps would you recommend to
>> troubleshoot this problem?
>>
>> Peter Schobel
>> ~
>
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
[not found] <200401090950.56343.Alistair Tonner <>
@ 2004-01-09 16:57 ` Peter Schobel
0 siblings, 0 replies; 24+ messages in thread
From: Peter Schobel @ 2004-01-09 16:57 UTC (permalink / raw)
To: netfilter
#error including kernel header in userspace; use the glibc headers
instead!
On Friday, January 9, 2004, at 09:50 AM, Alistair Tonner wrote:
> On January 8, 2004 10:58 pm, Peter Schobel wrote:
>> On Thursday, January 8, 2004, at 09:33 PM, Alistair Tonner wrote:
>>> what do you get for modprobe --version and ld -v ?
>>> I suspect your modutils is incorrect for 2.6.0
>>
>> modprobe --version
>> module-init-tools version 0.9.12
>>
>> ld -v
>> GNU ld version 2.13.90.0.18 20030206
>
> Okay .. those are both good --
>
> is the error you are getting
> "WARNING : dont include kernel headers in userspace"
> ?
>
> Alistair
>>
>>
>> *****************************
>> Peter Schobel
>> Network Administrator
>> Porchlight.ca
>> Unlimited Internet
>> *****************************
>> In a world without walls or fences
>> We will have no need for gates or windows
>> *****************************
>
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-09 3:58 ` Peter Schobel
@ 2004-01-09 14:50 ` Unknown, Alistair Tonner
0 siblings, 0 replies; 24+ messages in thread
From: Unknown, Alistair Tonner @ 2004-01-09 14:50 UTC (permalink / raw)
To: Peter Schobel, netfilter
On January 8, 2004 10:58 pm, Peter Schobel wrote:
> On Thursday, January 8, 2004, at 09:33 PM, Alistair Tonner wrote:
> > what do you get for modprobe --version and ld -v ?
> > I suspect your modutils is incorrect for 2.6.0
>
> modprobe --version
> module-init-tools version 0.9.12
>
> ld -v
> GNU ld version 2.13.90.0.18 20030206
Okay .. those are both good --
is the error you are getting
"WARNING : dont include kernel headers in userspace"
?
Alistair
>
>
> *****************************
> Peter Schobel
> Network Administrator
> Porchlight.ca
> Unlimited Internet
> *****************************
> In a world without walls or fences
> We will have no need for gates or windows
> *****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
[not found] <200401082133.38574.Alistair Tonner <>
@ 2004-01-09 3:58 ` Peter Schobel
2004-01-09 14:50 ` Unknown, Alistair Tonner
2004-01-10 2:08 ` Peter Schobel
1 sibling, 1 reply; 24+ messages in thread
From: Peter Schobel @ 2004-01-09 3:58 UTC (permalink / raw)
To: netfilter
On Thursday, January 8, 2004, at 09:33 PM, Alistair Tonner wrote:
> what do you get for modprobe --version and ld -v ?
> I suspect your modutils is incorrect for 2.6.0
modprobe --version
module-init-tools version 0.9.12
ld -v
GNU ld version 2.13.90.0.18 20030206
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 20:05 ` Peter Schobel
2004-01-08 21:07 ` Antony Stone
@ 2004-01-09 2:33 ` Unknown, Alistair Tonner
1 sibling, 0 replies; 24+ messages in thread
From: Unknown, Alistair Tonner @ 2004-01-09 2:33 UTC (permalink / raw)
To: Peter Schobel, netfilter
On January 8, 2004 03:05 pm, Peter Schobel wrote:
> ok, I downloaded the source ball for iptables 1.2.9, and compiled using
>
> make KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>
> i got an error from config.h telling me to use the glibc version so i
> symlinked /usr/src/linux-2.6.0-1.107 to /usr/include/linux/config.h
>
> then i compiled successfully and installed using
>
> make install KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>
> without incident
>
> i checked the timestamp on the iptables binary to make sure that it had
> been overwritten
>
> I rmmod'd all the iptables modules and then reloaded my iptables rule
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
> --to-port 3128
>
Ummm ... I don't understand where the error came from.... I'm using a slackware based box with many upgrades
(gcc glibc binutils and modutils....) my switch from 2.4.23 to 2.6.0 required a binutils and modutils
upgrade FIRST -- I would hope that RPM dependencies are in place to enforce this as it will likely
apply to your situation ... when I rebuilt iptables source it went painlessly --- no error from config.h.
I *DONT* like the relink .. I've a feeling this will break some inportant defines....
what do you get for modprobe --version and ld -v ?
I suspect your modutils is incorrect for 2.6.0
> lsmod gives me
>
> Module Size Used by
> ipt_REDIRECT 2048 1
> iptable_nat 20140 2 ipt_REDIRECT
> ip_tables 15104 2 ipt_REDIRECT,iptable_nat
> ip_conntrack 28464 2 ipt_REDIRECT,iptable_nat
>
> iptables -t nat -L gives me
>
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
> REDIRECT tcp -- anywhere anywhere tcp
> dpt:http redir ports 3128
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> testing it reveals that it is still not working - did i do anything
> wrong in the above steps? what further steps would you recommend to
> troubleshoot this problem?
>
> Peter Schobel
> ~
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 21:45 ` Sven Schuster
@ 2004-01-08 22:03 ` Peter Schobel
0 siblings, 0 replies; 24+ messages in thread
From: Peter Schobel @ 2004-01-08 22:03 UTC (permalink / raw)
To: netfilter
Thanks - that's encouraging
now i just have to figure out what's going wrong
Pete
~
On Thursday, January 8, 2004, at 04:45 PM, Sven Schuster wrote:
>
> Hello Peter,
>
> unfortunately I can't really help solving this problem, but at least
> I can tell that redirect and transparent proxying _should_ work on
> a 2.6.0 system cause I've been using it at home since 2.6.0 came out
> and even at -test stage I had no problems. My box is a RH 9 system
> with iptables 1.2.8.
>
> Sorry to have no more help for you... :(
>
> Sven
>
> --
> Linux zion 2.6.1-rc2 #2 Wed Jan 07 13:42:49 CET 2004 i686 athlon i386
> GNU/Linux
> 22:40:27 up 1 day, 3:45, 2 users, load average: 0.09, 0.05, 0.01
> <mime-attachment>
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 21:07 ` Antony Stone
2004-01-08 21:45 ` Sven Schuster
@ 2004-01-08 21:56 ` Peter Schobel
1 sibling, 0 replies; 24+ messages in thread
From: Peter Schobel @ 2004-01-08 21:56 UTC (permalink / raw)
To: netfilter
On Thursday, January 8, 2004, at 04:07 PM, Antony Stone wrote:
> On Thursday 08 January 2004 8:05 pm, Peter Schobel wrote:
>
>> ok, I downloaded the source ball for iptables 1.2.9, and compiled
>> using
>>
>> make KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>>
>> i got an error from config.h telling me to use the glibc version so i
>> symlinked /usr/src/linux-2.6.0-1.107 to /usr/include/linux/config.h
>
> I'm not sure I like the implications of this - what version of the
> kernel
> headers do you have in /usr/include/linux?
I'm using the kernel-source rpm package that matches my kernel package
kernel-source-2.6.0-1.107
this is what my original config.h file looks like
#ifndef _LINUX_CONFIG_H
#define _LINUX_CONFIG_H
#include <linux/autoconf.h>
#ifndef __KERNEL__
#error including kernel header in userspace; use the glibc headers
instead!
#endif
#endif
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 21:07 ` Antony Stone
@ 2004-01-08 21:45 ` Sven Schuster
2004-01-08 22:03 ` Peter Schobel
2004-01-08 21:56 ` Peter Schobel
1 sibling, 1 reply; 24+ messages in thread
From: Sven Schuster @ 2004-01-08 21:45 UTC (permalink / raw)
To: netfilter
[-- Attachment #1: Type: text/plain, Size: 527 bytes --]
Hello Peter,
unfortunately I can't really help solving this problem, but at least
I can tell that redirect and transparent proxying _should_ work on
a 2.6.0 system cause I've been using it at home since 2.6.0 came out
and even at -test stage I had no problems. My box is a RH 9 system
with iptables 1.2.8.
Sorry to have no more help for you... :(
Sven
--
Linux zion 2.6.1-rc2 #2 Wed Jan 07 13:42:49 CET 2004 i686 athlon i386 GNU/Linux
22:40:27 up 1 day, 3:45, 2 users, load average: 0.09, 0.05, 0.01
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 20:05 ` Peter Schobel
@ 2004-01-08 21:07 ` Antony Stone
2004-01-08 21:45 ` Sven Schuster
2004-01-08 21:56 ` Peter Schobel
2004-01-09 2:33 ` Unknown, Alistair Tonner
1 sibling, 2 replies; 24+ messages in thread
From: Antony Stone @ 2004-01-08 21:07 UTC (permalink / raw)
To: netfilter
On Thursday 08 January 2004 8:05 pm, Peter Schobel wrote:
> ok, I downloaded the source ball for iptables 1.2.9, and compiled using
>
> make KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>
> i got an error from config.h telling me to use the glibc version so i
> symlinked /usr/src/linux-2.6.0-1.107 to /usr/include/linux/config.h
I'm not sure I like the implications of this - what version of the kernel
headers do you have in /usr/include/linux?
> then i compiled successfully and installed using
>
> make install KERNEL_DIR=/usr/src/linux-2.6.0-1.107
>
> without incident
> testing it reveals that it is still not working - did i do anything
> wrong in the above steps? what further steps would you recommend to
> troubleshoot this problem?
Hm. I'm not sure I can help further with this, but I know there are other
people on this list (Alistair?) who have been through this process and may be
able to offer more help than I can.
Regards,
Antony.
--
What is this talk of "software release"?
Our software evolves and matures until it is capable of escape, leaving a
bloody trail of designers and quality assurance people in its wake.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 18:51 ` Antony Stone
@ 2004-01-08 20:05 ` Peter Schobel
2004-01-08 21:07 ` Antony Stone
2004-01-09 2:33 ` Unknown, Alistair Tonner
0 siblings, 2 replies; 24+ messages in thread
From: Peter Schobel @ 2004-01-08 20:05 UTC (permalink / raw)
To: netfilter
ok, I downloaded the source ball for iptables 1.2.9, and compiled using
make KERNEL_DIR=/usr/src/linux-2.6.0-1.107
i got an error from config.h telling me to use the glibc version so i
symlinked /usr/src/linux-2.6.0-1.107 to /usr/include/linux/config.h
then i compiled successfully and installed using
make install KERNEL_DIR=/usr/src/linux-2.6.0-1.107
without incident
i checked the timestamp on the iptables binary to make sure that it had
been overwritten
I rmmod'd all the iptables modules and then reloaded my iptables rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
lsmod gives me
Module Size Used by
ipt_REDIRECT 2048 1
iptable_nat 20140 2 ipt_REDIRECT
ip_tables 15104 2 ipt_REDIRECT,iptable_nat
ip_conntrack 28464 2 ipt_REDIRECT,iptable_nat
iptables -t nat -L gives me
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp
dpt:http redir ports 3128
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
testing it reveals that it is still not working - did i do anything
wrong in the above steps? what further steps would you recommend to
troubleshoot this problem?
Peter Schobel
~
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 18:28 ` Peter Schobel
@ 2004-01-08 18:51 ` Antony Stone
2004-01-08 20:05 ` Peter Schobel
0 siblings, 1 reply; 24+ messages in thread
From: Antony Stone @ 2004-01-08 18:51 UTC (permalink / raw)
To: netfilter
On Thursday 08 January 2004 6:28 pm, Peter Schobel wrote:
> Dec 24, 2003: patch-o-matic 20031219 (for kernel >= 2.4.18, including
> 2.4.23)
> Please note that this release still does not yet support the
> just-released 2.6.0 kernel.
> Expect a so-called 'patch-o-matic-ng' release for 2.6.x support in the
> next couple of weeks.
>
> Does this mean that iptables will not work with 2.6 kernel? This seems
> unlikely to me - I think i'm understanding it incorrectly - please
> clarify
You are correct - it does not mean that iptables won't work with kernel 2.6.
It simply means that this version of patch-o-matic will not work with kernel
2.6 (which is understandable, considering that p-o-m patches the kernel...)
Antony.
--
Abandon hope, all ye who enter here.
You'll feel much better about things once you do.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 17:35 ` Antony Stone
@ 2004-01-08 18:28 ` Peter Schobel
2004-01-08 18:51 ` Antony Stone
0 siblings, 1 reply; 24+ messages in thread
From: Peter Schobel @ 2004-01-08 18:28 UTC (permalink / raw)
To: netfilter
Dec 24, 2003: patch-o-matic 20031219 (for kernel >= 2.4.18, including
2.4.23)
Please note that this release still does not yet support the
just-released 2.6.0 kernel.
Expect a so-called 'patch-o-matic-ng' release for 2.6.x support in the
next couple of weeks.
Does this mean that iptables will not work with 2.6 kernel? This seems
unlikely to me - I think i'm understanding it incorrectly - please
clarify
Peter Schobel
~
On Thursday, January 8, 2004, at 12:35 PM, Antony Stone wrote:
> On Thursday 08 January 2004 5:28 pm, Peter Schobel wrote:
>
>> On Thursday, January 8, 2004, at 12:02 PM, Antony Stone wrote:
>>> On Thursday 08 January 2004 4:56 pm, Peter Schobel wrote:
>>>> I have a server that was running a transparent redirection proxy - i
>>>> was using 2.4.20 kernel on this system and i recently upgraded to
>>>> 2.6.0.107 kernel package for redhat 9
>>>>
>>>> Ever since i did the kernel upgrade the proxy does not work
>>>> correctly.
>>>
>>> Have you recompiled the userspace iptables to match the new
>>> kernelspace
>>> netfilter?
>>
>> No, I hadn't considered this. - I am using an rpm package
>> iptables-1.2.7a-2 - do you think this could be the problem?
>
> Yes, I do. The kernelspace netfilter and the userspace iptables must
> match
> in order for the two to work together.
>
>>> Does Squid seem to work correctly as a proxy if you configure your
>>> client
>>> browser to use it specifically, rather than doing it transparently?
>>
>> yes it works perfectly on port 80 as well as on port 3128 so the
>> redirection seems to be working - but the transparency does not
>
> That quite satisfactorily demonstrates that networking and Squid are
> not the
> problem then, so it's definitely netfilter/iptables.
>
> Just recompile iptables with your new kernel (and its associated
> header files)
> installed, and you should be back to normal.
>
> Antony.
>
> --
> The idea that Bill Gates appeared like a knight in shining armour to
> lead all
> customers out of a mire of technological chaos neatly ignores the fact
> that
> it was he who, by peddling second-rate technology, led them into it in
> the
> first place.
>
> - Douglas Adams in The Guardian, 25th August 1995
>
> Please reply to
> the list;
> please
> don't CC me.
>
>
>
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 17:28 ` Peter Schobel
@ 2004-01-08 17:35 ` Antony Stone
2004-01-08 18:28 ` Peter Schobel
0 siblings, 1 reply; 24+ messages in thread
From: Antony Stone @ 2004-01-08 17:35 UTC (permalink / raw)
To: netfilter
On Thursday 08 January 2004 5:28 pm, Peter Schobel wrote:
> On Thursday, January 8, 2004, at 12:02 PM, Antony Stone wrote:
> > On Thursday 08 January 2004 4:56 pm, Peter Schobel wrote:
> >> I have a server that was running a transparent redirection proxy - i
> >> was using 2.4.20 kernel on this system and i recently upgraded to
> >> 2.6.0.107 kernel package for redhat 9
> >>
> >> Ever since i did the kernel upgrade the proxy does not work correctly.
> >
> > Have you recompiled the userspace iptables to match the new kernelspace
> > netfilter?
>
> No, I hadn't considered this. - I am using an rpm package
> iptables-1.2.7a-2 - do you think this could be the problem?
Yes, I do. The kernelspace netfilter and the userspace iptables must match
in order for the two to work together.
> > Does Squid seem to work correctly as a proxy if you configure your
> > client
> > browser to use it specifically, rather than doing it transparently?
>
> yes it works perfectly on port 80 as well as on port 3128 so the
> redirection seems to be working - but the transparency does not
That quite satisfactorily demonstrates that networking and Squid are not the
problem then, so it's definitely netfilter/iptables.
Just recompile iptables with your new kernel (and its associated header files)
installed, and you should be back to normal.
Antony.
--
The idea that Bill Gates appeared like a knight in shining armour to lead all
customers out of a mire of technological chaos neatly ignores the fact that
it was he who, by peddling second-rate technology, led them into it in the
first place.
- Douglas Adams in The Guardian, 25th August 1995
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 17:02 ` Antony Stone
@ 2004-01-08 17:28 ` Peter Schobel
2004-01-08 17:35 ` Antony Stone
0 siblings, 1 reply; 24+ messages in thread
From: Peter Schobel @ 2004-01-08 17:28 UTC (permalink / raw)
To: netfilter
On Thursday, January 8, 2004, at 12:02 PM, Antony Stone wrote:
> On Thursday 08 January 2004 4:56 pm, Peter Schobel wrote:
>
>> I have a server that was running a transparent redirection proxy - i
>> was using 2.4.20 kernel on this system and i recently upgraded to
>> 2.6.0.107 kernel package for redhat 9
>>
>> Ever since i did the kernel upgrade the proxy does not work correctly.
>
> Have you recompiled the userspace iptables to match the new kernelspace
> netfilter?
No, I hadn't considered this. - I am using an rpm package
iptables-1.2.7a-2 - do you think this could be the problem?
>
> Does Squid seem to work correctly as a proxy if you configure your
> client
> browser to use it specifically, rather than doing it transparently?
>
yes it works perfectly on port 80 as well as on port 3128 so the
redirection seems to be working - but the transparency does not
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
2004-01-08 16:56 Peter Schobel
@ 2004-01-08 17:02 ` Antony Stone
2004-01-08 17:28 ` Peter Schobel
0 siblings, 1 reply; 24+ messages in thread
From: Antony Stone @ 2004-01-08 17:02 UTC (permalink / raw)
To: netfilter
On Thursday 08 January 2004 4:56 pm, Peter Schobel wrote:
> I have a server that was running a transparent redirection proxy - i
> was using 2.4.20 kernel on this system and i recently upgraded to
> 2.6.0.107 kernel package for redhat 9
>
> Ever since i did the kernel upgrade the proxy does not work correctly.
Have you recompiled the userspace iptables to match the new kernelspace
netfilter?
Does Squid seem to work correctly as a proxy if you configure your client
browser to use it specifically, rather than doing it transparently?
Antony.
--
If the human brain were so simple that we could understand it,
we'd be so simple that we couldn't.
Please reply to the list;
please don't CC me.
^ permalink raw reply [flat|nested] 24+ messages in thread
* Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel
@ 2004-01-08 16:56 Peter Schobel
2004-01-08 17:02 ` Antony Stone
0 siblings, 1 reply; 24+ messages in thread
From: Peter Schobel @ 2004-01-08 16:56 UTC (permalink / raw)
To: netfilter
I have a server that was running a transparent redirection proxy - i
was using 2.4.20 kernel on this system and i recently upgraded to
2.6.0.107 kernel package for redhat 9
Ever since i did the kernel upgrade the proxy does not work correctly.
As far as I know, the kernel is configured properly
lsmod shows these iptables modules
Module Size Used by
ipt_REDIRECT 2048 0
iptable_nat 20140 1 ipt_REDIRECT
ip_conntrack 28464 2 ipt_REDIRECT,iptable_nat
iptable_filter 2688 0
ip_tables 15104 3 ipt_REDIRECT,iptable_nat,iptable_filter
my INPUT, FORWARD and OUTPUT policies are all set to accept
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I am using this iptables rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
my nat table looks like this
iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- anywhere anywhere tcp
dpt:http redir ports 3128
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ip forwarding is enabled
cat /proc/sys/net/ipv4/ip_forward
1
squid is running on 3128 - the squid config looks like this
acl all src 0/0
visible_hostname proxyhost.porchlight.ca
http_port 3128
no_cache deny all
redirect_program /usr/local/bin/redirector.pl
redirect_children 5
redirect_rewrites_host_header on
redirector_access allow all
http_access allow all
http_reply_access allow all
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
This configuration has not changed since before the kernel upgrade
except that there were a couple of rules preventing proxy access to the
outside world which I removed in order to make things as simple as
possible for debugging purposes
I can see by running snort that the packets destined for the remote
host are arriving on the interface
I can see using "iptables -t nat --list -v -n" that the number of
packets on the REDIRECT rule gets incremented by 1 each time I try to
access a remote site - but the browser just times out waiting for a
reply and the squid access.log does not record the access
If i type http://proxyhost.porchlight.ca into the address bar of the
browser, the port redirect works perfectly and squid redirects the
traffic to the proxied site without problem - it is only when I attempt
to access remote sites that the redirection does not work. As I
mentioned before - this was all working and tested previous to the
kernel upgrade.
I've been struggling with this for a couple days now. Does anyone have
any idea why this configuration is not working?
Thx in advance,
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************
^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2004-01-13 5:47 UTC | newest]
Thread overview: 24+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <200401100026.01870.Alistair Tonner <>
2004-01-12 20:04 ` Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel Peter Schobel
2004-01-12 20:57 ` Peter Schobel
2004-01-12 21:31 ` John A. Sullivan III
2004-01-12 22:45 ` Peter Schobel
2004-01-13 5:47 ` Arthur Meyer
[not found] <200401082133.38574.Alistair Tonner <>
2004-01-09 3:58 ` Peter Schobel
2004-01-09 14:50 ` Unknown, Alistair Tonner
2004-01-10 2:08 ` Peter Schobel
2004-01-10 5:26 ` Unknown, Alistair Tonner
2004-01-11 17:00 ` Mark E. Donaldson
2004-01-12 20:09 ` Peter Schobel
[not found] <200401090950.56343.Alistair Tonner <>
2004-01-09 16:57 ` Peter Schobel
2004-01-08 16:56 Peter Schobel
2004-01-08 17:02 ` Antony Stone
2004-01-08 17:28 ` Peter Schobel
2004-01-08 17:35 ` Antony Stone
2004-01-08 18:28 ` Peter Schobel
2004-01-08 18:51 ` Antony Stone
2004-01-08 20:05 ` Peter Schobel
2004-01-08 21:07 ` Antony Stone
2004-01-08 21:45 ` Sven Schuster
2004-01-08 22:03 ` Peter Schobel
2004-01-08 21:56 ` Peter Schobel
2004-01-09 2:33 ` Unknown, Alistair Tonner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.