Now I am able to see the packets being logged in squid's "access.log" with the configuration below. But I have some issues and doubts about the configuration below, even though it is working.
Why do we need the ip rule configuration below?
IP rules
_________
# IPv4-only
ip -f inet rule add fwmark 1 lookup 100
ip -f inet route add local default dev eth0 table 100
Iptables Rules
______________________
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
My other concern is that, even though it is working, the browser is taking a long time to respond. I can see the packets coming in continuously on port 80, and the count is increasing in the iptables rules. I really don't know what is happening and why it is taking so much time to respond.
I have pasted the tcpdump output and the squid access log below for your reference. I think the packets are looping. Please provide your expert views on this.
tail -f /var/log/squid3/access.log
1376315965.142 182774 172.30.11.122 TCP_REFRESH_FAIL/200 676 GET http://172.30.11.124/logs/sample.txt - DIRECT/172.30.11.124 text/plain [Host: 172.30.11.124\r\nUser-Agent: Mozilla/5.0 (X11; Linux i686; rv:10.0.12) Gecko/20130109 Firefox/10.0.12\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nIf-Modified-Since: Fri, 26 Jul 2013 12:28:28 GMT\r\nIf-None-Match: "100007-32-4e26947a4e855"\r\n] [HTTP/1.1 200 OK\r\nDate: Fri, 02 Aug 2013 10:57:24 GMT\r\nServer: Apache/2.2.22 (Debian)\r\nLast-Modified: Fri, 26 Jul 2013 12:28:28 GMT\r\nETag: "100007-32-4e26947a4e855"\r\nAccept-Ranges: bytes\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 63\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/plain\r\n\r]
root@debian:~# tcpdump -i eth0 "port 80"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:26:22.368227 IP 172.30.11.122.44827 > 172.30.11.124.http: Flags [S], seq 440858109, win 14600, options [mss 1460,sackOK,TS val 1116309460 ecr 0,nop,wscale 6], length 0
19:26:22.368272 IP 172.30.11.124.http > 172.30.11.122.44827: Flags [S.], seq 840821239, ack 440858110, win 14480, options [mss 1460,sackOK,TS val 2951944 ecr 1116309460,nop,wscale 5], length 0
19:26:22.368393 IP 172.30.11.122.44827 > 172.30.11.124.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 1116309461 ecr 2951944], length 0
19:26:22.368525 IP 172.30.11.122.44827 > 172.30.11.124.http: Flags [P.], seq 1:395, ack 1, win 229, options [nop,nop,TS val 1116309461 ecr 2951944], length 394
19:26:22.368547 IP 172.30.11.124.http > 172.30.11.122.44827: Flags [.], ack 395, win 486, options [nop,nop,TS val 2951944 ecr 1116309461], length 0
19:26:22.369129 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2465572647, ack 1855512778, win 14480, options [mss 1460,sackOK,TS val 2951944 ecr 2951944,nop,wscale 5], length 0
19:26:22.369250 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:23.365767 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2481145134, ack 1855512778, win 14480, options [mss 1460,sackOK,TS val 2952194 ecr 2952194,nop,wscale 5], length 0
19:26:23.365883 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:25.369769 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2512457658, ack 1855512778, win 14480, options [mss 1460,sackOK,TS val 2952695 ecr 2952695,nop,wscale 5], length 0
19:26:25.369887 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:29.373765 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2575020098, ack 1855512778, win 14480, options [mss 1460,sackOK,TS val 2953696 ecr 2953696,nop,wscale 5], length 0
19:26:29.373888 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:37.389769 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2700270130, ack 1855512778, win 14480, options [mss 1460,sackOK,TS val 2955700 ecr 2955700,nop,wscale 5], length 0
19:26:37.389889 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:53.437773 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2951020205, ack 1855512778, win 14480, options [mss 1460,sackOK,TS val 2959712 ecr 2959712,nop,wscale 5], length 0
19:26:53.437893 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:27:23.954235 IP 172.30.11.124.http > 172.30.11.122.34517: Flags [S.], seq 4191664604, ack 1175097171, win 14480, options [mss 1460,sackOK,TS val 2967341 ecr 2967341,nop,wscale 5], length 0
19:27:23.954360 IP 172.30.11.122.34517 > 172.30.11.124.http: Flags [R], seq 1175097171, win 0, length 0
19:27:24.953761 IP 172.30.11.124.http > 172.30.11.122.34517: Flags [S.], seq 4207282257, ack 1175097171, win 14480, options [mss 1460,sackOK,TS val 2967591 ecr 2967591,nop,wscale 5], length 0
19:27:24.953880 IP 172.30.11.122.34517 > 172.30.11.124.http: Flags [R], seq 1175097171, win 0, length 0
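
An added example, not part of the original post: a Python sketch that groups tcpdump lines like the ones above by endpoint pair and reports flows where SYN-ACKs appear with no captured SYN and are each answered by an RST, along with the gaps between those SYN-ACKs. The sample lines are copied from the capture with the TCP options trimmed; the function names are illustrative.

```python
import re
from collections import defaultdict

# Lines copied from the capture in the post, TCP options trimmed for width.
SAMPLE = """\
19:26:22.368227 IP 172.30.11.122.44827 > 172.30.11.124.http: Flags [S], seq 440858109, win 14600, length 0
19:26:22.368272 IP 172.30.11.124.http > 172.30.11.122.44827: Flags [S.], seq 840821239, ack 440858110, win 14480, length 0
19:26:22.369129 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2465572647, ack 1855512778, win 14480, length 0
19:26:22.369250 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:23.365767 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2481145134, ack 1855512778, win 14480, length 0
19:26:23.365883 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:25.369769 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2512457658, ack 1855512778, win 14480, length 0
19:26:25.369887 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
19:26:29.373765 IP 172.30.11.124.http > 172.30.11.122.56295: Flags [S.], seq 2575020098, ack 1855512778, win 14480, length 0
19:26:29.373888 IP 172.30.11.122.56295 > 172.30.11.124.http: Flags [R], seq 1855512778, win 0, length 0
"""

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]")


def summarize(text):
    """Count SYN, SYN-ACK and RST packets per unordered endpoint pair."""
    flows = defaultdict(lambda: {"syn": 0, "synack": [], "rst": 0})
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # wrapped or non-TCP line
        h, mi, s, src, dst, flags = m.groups()
        flow = flows[tuple(sorted((src, dst)))]
        if flags == "S":
            flow["syn"] += 1
        elif flags == "S.":
            # keep the timestamp (seconds since midnight) of every SYN-ACK
            flow["synack"].append(int(h) * 3600 + int(mi) * 60 + float(s))
        elif "R" in flags:
            flow["rst"] += 1
    return flows


def rejected_handshakes(text):
    """Flows with SYN-ACKs but no captured SYN, where every SYN-ACK drew an RST.

    Returns {endpoint_pair: [gap in whole seconds between successive SYN-ACKs]}.
    """
    result = {}
    for key, flow in summarize(text).items():
        times = flow["synack"]
        if times and flow["syn"] == 0 and flow["rst"] >= len(times):
            result[key] = [round(b - a) for a, b in zip(times, times[1:])]
    return result


if __name__ == "__main__":
    for pair, gaps in rejected_handshakes(SAMPLE).items():
        print(pair, "SYN-ACK gaps (s):", gaps)
```

On this excerpt it reports only the flow to client port 56295, with gaps of 1, 2 and 4 seconds between the SYN-ACKs; the port 44827 flow, whose SYN was captured, is not flagged.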