Old 02-12-2024, 09:28 AM   #1
C4H7Cl2O4P
Question Squid (proxy) 4.6: tcp_outgoing_address does not work.


In my local network (192.168.xxx.0/24) I have a PC which I'd like to use as a proxy server. I set up port forwarding from my router to this PC for port 8213, which I'd like to use as a proxy port.
I have a GSM USB modem (Huawei E153) connected to the PC, which I can see as wlp2s4.
I install a ppp connection to my mobile provider with the command <<nmcli connection up "ConnectionName" --ask < /dev/null >>

Here is what I have.
# uname -a
Linux hptro 4.19.0-18-686-pae #1 SMP Debian 4.19.208-1 (2021-09-29) i686 GNU/Linux
==========================================
# cat /etc/debian_version
10.11
==========================================
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
==========================================
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:d4:a4:b2:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.xxx.102/24 brd 192.168.xxx.255 scope global dynamic noprefixroute enp2s8
valid_lft 571sec preferred_lft 571sec
inet6 fe80::216:d4ff:fea4:b297/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp2s4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:16:6f:c3:b9:fd brd ff:ff:ff:ff:ff:ff
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 3
link/ppp
inet 10.999.999.999 peer 10.64.64.64/32 scope global ppp0
valid_lft forever preferred_lft forever
inet 10.999.999.999/32 brd 10.999.999.999 scope global noprefixroute ppp0
valid_lft forever preferred_lft forever
==========================================
# squid -v
Squid Cache: Version 4.6
Service Name: squid
Debian linux
configure options: '--build=i686-linux-gnu'
'--prefix=/usr'
'--includedir=${prefix}/include'
'--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info'
'--sysconfdir=/etc'
'--localstatedir=/var'
'--libexecdir=${prefix}/lib/squid'
'--srcdir=.'
'--disable-maintainer-mode'
'--disable-dependency-tracking'
'--disable-silent-rules'
'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/reproducible-path/squid-4.6=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -latomic'
'BUILDCXX=i686-linux-gnu-g++'
'--with-build-environment=default'
'--enable-build-info=Debian linux'
'--datadir=/usr/share/squid'
'--sysconfdir=/etc/squid'
'--libexecdir=/usr/lib/squid'
'--mandir=/usr/share/man'
'--enable-inline'
'--disable-arch-native'
'--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap'
'--enable-delay-pools'
'--enable-cache-digests'
'--enable-icap-client'
'--enable-follow-x-forwarded-for'
'--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'
'--enable-auth-digest=file,LDAP'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-auth-ntlm=fake,SMB_LM'
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group'
'--enable-security-cert-validators=fake'
'--enable-storeid-rewrite-helpers=file'
'--enable-url-rewrite-helpers=fake'
'--enable-eui'
'--enable-esi'
'--enable-icmp'
'--enable-zph-qos'
'--enable-ecap'
'--disable-translation'
'--with-swapdir=/var/spool/squid'
'--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid.pid'
'--with-filedescriptors=65536'
'--with-large-files'
'--with-default-user=proxy'
'--with-gnutls'
'--enable-linux-netfilter'
'build_alias=i686-linux-gnu'
'CC=i686-linux-gnu-gcc'
'CFLAGS=-g -O2 -fdebug-prefix-map=/build/reproducible-path/squid-4.6=. -fstack-protector-strong -Wformat -Werror=format-security -Wall'
'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -latomic'
'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
'CXX=i686-linux-gnu-g++'
'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/reproducible-path/squid-4.6=. -fstack-protector-strong -Wformat -Werror=format-security'
==========================================
# cat squid.conf
acl localnet src 192.168.xxx.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*
http_access allow localnet
http_access deny all
http_port 8213
acl anyclient src all
http_access allow anyclient
tcp_outgoing_address 10.999.999.9 anyclient # <<<<<==================
cache_dir ufs /var/spool/squid 100 16 256
debug_options ALL,5
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squider
cache_effective_group squider
cache deny all
==========================================

Both on the PC and on another device in my local network I set up the Firefox settings to use proxy server localhost:8213 and 192.168.xxx.pc:8213 accordingly. The Squid proxy server receives their requests, as I can see in
/var/log/squid/access.log
/var/log/squid/cache.log
but it does not work even for http://neverssl.com/
/var/log/squid/access.log says:
1707731618.702 30458 192.168.xxx.other TCP_MISS/503 4430 GET http://neverssl.com/ - HIER_NONE/- text/html
1707749880.122 35 127.0.0.1 TCP_DENIED/403 4379 GET http://neverssl.com/ - HIER_NONE/- text/html

At the same time:
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=37.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=23.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=23.8 ms

$ ping 8.8.8.8 -I ppp0
PING 8.8.8.8 (8.8.8.8) from 10.70.38.103 ppp0: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=1809 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=808 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=209 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=118 time=206 ms

If I disconnect the PC from my local net (pull the wire out), then the installed mobile connection works as default (whoer.net shows its real IP).

If I don't use tcp_outgoing_address then the Squid proxy server works just fine, I mean it shares my cable connection (if I use the proxy from outside, as I forwarded the port from my router).
What am I doing wrong? What should I do to make the Squid proxy server go out through the alternative connection?
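
The two access.log lines in the post above can be explained by replaying them against the posted http_access order. This is an added example, not part of the original post: it substitutes 192.168.1.0/24 and 192.168.1.50 for the redacted addresses, approximates Squid's built-in `manager` ACL, and assumes the conf.d include adds no http_access lines.

```python
import ipaddress
from urllib.parse import urlsplit

LOCALNET = ipaddress.ip_network("192.168.1.0/24")  # stand-in for redacted 192.168.xxx.0/24
SAFE_PORTS = [(80, 80), (21, 21), (443, 443), (1025, 65535)]
# ACLs from the posted squid.conf; "localhost" and "manager" are Squid built-ins.
ACLS = {
    "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE_PORTS),
    "localhost": lambda r: ipaddress.ip_address(r["src"]).is_loopback,
    "manager": lambda r: r["url"].startswith("cache_object://") or "/squid-internal-mgr/" in r["url"],
    "localnet": lambda r: ipaddress.ip_address(r["src"]) in LOCALNET,
    "anyclient": lambda r: True,  # acl anyclient src all
    "all": lambda r: True,
}
# http_access lines in the posted order (assumes the conf.d include adds none).
HTTP_ACCESS = [("deny", ["!Safe_ports"]), ("allow", ["localhost", "manager"]),
               ("deny", ["manager"]), ("allow", ["localnet"]),
               ("deny", ["all"]), ("allow", ["anyclient"])]
# The two access.log lines from the post, redacted client address replaced (constructed).
SAMPLE_LOG = [
    "1707731618.702 30458 192.168.1.50 TCP_MISS/503 4430 GET http://neverssl.com/ - HIER_NONE/- text/html",
    "1707749880.122 35 127.0.0.1 TCP_DENIED/403 4379 GET http://neverssl.com/ - HIER_NONE/- text/html",
]

def parse_access_line(line):
    """Parse one line of Squid's native access.log format."""
    _ts, elapsed, src, result, _size, _method, url, _user, hier, _ctype = line.split()
    code, status = result.split("/")
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443, "ftp": 21}.get(parts.scheme, 0)
    return {"src": src, "elapsed_ms": int(elapsed), "code": code,
            "status": int(status), "url": url, "hier": hier, "port": port}

def decide(req):
    """First matching line wins (ACLs on a line are ANDed, '!' negates);
    if nothing matches, Squid applies the opposite of the last line."""
    for idx, (action, names) in enumerate(HTTP_ACCESS):
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, idx
    return ("deny" if HTTP_ACCESS[-1][0] == "allow" else "allow"), None

def unreachable_rules():
    """Indexes of lines that can never match because an 'all' line precedes them."""
    stop = next((i for i, (_, n) in enumerate(HTTP_ACCESS) if n == ["all"]), len(HTTP_ACCESS) - 1)
    return list(range(stop + 1, len(HTTP_ACCESS)))

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        req = parse_access_line(line)
        print(req["src"], req["code"], req["status"], decide(req))
    print("never evaluated:", unreachable_rules())
```

The loopback request is rejected by `http_access deny all` because no earlier line admits 127.0.0.1, while the LAN request is admitted by `allow localnet` and fails only later, at forwarding (`HIER_NONE/-` after about 30 s). `http_access allow anyclient` is never evaluated because it follows `deny all`.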
 
Old 02-13-2024, 07:17 PM   #2
GlennsPref
Hi, do you have /etc/sysctl.conf port forwarding set?

Code:
# Uncomment the next line to enable packet forwarding for IPv4
# Enable forwarding (gateway)
net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
# off for vpn
net.ipv6.conf.all.forwarding=0
I did not see any mention in your post, maybe this will help.

I'm no expert, regards...
 
  

