In my local network (192.168.xxx.0/24) I have a PC which I'd like to use as a proxy server. I set up port forwarding from my router to this PC for port 8213, which I'd like to use as a proxy port.
I have GSM USB-modem (Huawei E153) connected to the PC which I can see as wlp2s4.
I install ppp connection to my mobile provider with command <<nmcli connection up "ConnectionName" --ask < /dev/null >>
Here is what I have.
# uname -a
Linux hptro 4.19.0-18-686-pae #1 SMP Debian 4.19.208-1 (2021-09-29) i686 GNU/Linux
==========================================
# cat /etc/debian_version
10.11
==========================================
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
==========================================
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:16:d4:a4:b2:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.xxx.102/24 brd 192.168.xxx.255 scope global dynamic noprefixroute enp2s8
valid_lft 571sec preferred_lft 571sec
inet6 fe80::216:d4ff:fea4:b297/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp2s4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 00:16:6f:c3:b9:fd brd ff:ff:ff:ff:ff:ff
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 3
link/ppp
inet 10.999.999.999 peer 10.64.64.64/32 scope global ppp0
valid_lft forever preferred_lft forever
inet 10.999.999.999/32 brd 10.999.999.999 scope global noprefixroute ppp0
valid_lft forever preferred_lft forever
==========================================
# squid -v
Squid Cache: Version 4.6
Service Name: squid
Debian linux
configure options: '--build=i686-linux-gnu'
'--prefix=/usr'
'--includedir=${prefix}/include'
'--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info'
'--sysconfdir=/etc'
'--localstatedir=/var'
'--libexecdir=${prefix}/lib/squid'
'--srcdir=.'
'--disable-maintainer-mode'
'--disable-dependency-tracking'
'--disable-silent-rules'
'BUILDCXXFLAGS=-g -O2 -fdebug-prefix-map=/build/reproducible-path/squid-4.6=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -latomic'
'BUILDCXX=i686-linux-gnu-g++'
'--with-build-environment=default'
'--enable-build-info=Debian linux'
'--datadir=/usr/share/squid'
'--sysconfdir=/etc/squid'
'--libexecdir=/usr/lib/squid'
'--mandir=/usr/share/man'
'--enable-inline'
'--disable-arch-native'
'--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap'
'--enable-delay-pools'
'--enable-cache-digests'
'--enable-icap-client'
'--enable-follow-x-forwarded-for'
'--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'
'--enable-auth-digest=file,LDAP'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-auth-ntlm=fake,SMB_LM'
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group'
'--enable-security-cert-validators=fake'
'--enable-storeid-rewrite-helpers=file'
'--enable-url-rewrite-helpers=fake'
'--enable-eui'
'--enable-esi'
'--enable-icmp'
'--enable-zph-qos'
'--enable-ecap'
'--disable-translation'
'--with-swapdir=/var/spool/squid'
'--with-logdir=/var/log/squid'
'--with-pidfile=/var/run/squid.pid'
'--with-filedescriptors=65536'
'--with-large-files'
'--with-default-user=proxy'
'--with-gnutls'
'--enable-linux-netfilter'
'build_alias=i686-linux-gnu'
'CC=i686-linux-gnu-gcc'
'CFLAGS=-g -O2 -fdebug-prefix-map=/build/reproducible-path/squid-4.6=. -fstack-protector-strong -Wformat -Werror=format-security -Wall'
'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -latomic'
'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
'CXX=i686-linux-gnu-g++'
'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/reproducible-path/squid-4.6=. -fstack-protector-strong -Wformat -Werror=format-security'
==========================================
# cat squid.conf
acl localnet src 192.168.xxx.0/24
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*
http_access allow localnet
http_access deny all
http_port 8213
acl anyclient src all
http_access allow anyclient
tcp_outgoing_address 10.999.999.9 anyclient # <<<<<==================
cache_dir ufs /var/spool/squid 100 16 256
debug_options ALL,5
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
cache_effective_user squider
cache_effective_group squider
cache deny all
==========================================
On both the PC and another device in my local network I set up Firefox to use proxy server localhost:8213 and 192.168.xxx.pc:8213 respectively. Squid proxy server receives their requests, as I can see in
/var/log/squid/access.log
/var/log/squid/cache.log
but it does not work even for http://neverssl.com/
/var/log/squid/access.log says:
1707731618.702 30458 192.168.xxx.other TCP_MISS/503 4430 GET http://neverssl.com/ - HIER_NONE/- text/html
1707749880.122 35 127.0.0.1 TCP_DENIED/403 4379 GET http://neverssl.com/ - HIER_NONE/- text/html
At the same time:
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=37.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=23.6 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=23.8 ms
$ ping 8.8.8.8 -I ppp0
PING 8.8.8.8 (8.8.8.8) from 10.70.38.103 ppp0: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=1809 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=808 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=209 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=118 time=206 ms
If I disconnect the PC from my local net (pull the wire out), then the installed mobile connection works as default (whoer.net shows its real IP).
If I don't use tcp_outgoing_address then Squid proxy server works just fine, I mean it shares my cable connection (if I use the proxy from outside, as I forwarded the port from my router).
What am I doing wrong? What should I do to make squid proxy server go out through the alternative connection?
Statistics: Posted by C4H7Cl2O4P — 2024-02-12 15:13 — Replies 2 — Views 57
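
How Squid's first-match http_access evaluation treats the rule order in the squid.conf above, as an added example that is not part of the original post: it reproduces the access decisions behind the two access.log lines (127.0.0.1 is refused with 403, while the LAN client is admitted and only then fails with 503 on the fetch) and flags the rule that can never be reached. Assumptions: 192.168.1.0/24 stands in for the redacted LAN, and the included /etc/squid/conf.d/* files add no http_access rules.

```python
import ipaddress

# Constructed stand-in: the post redacts its LAN as 192.168.xxx.0/24.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")
SAFE_PORTS = [(80, 80), (21, 21), (443, 443), (1025, 65535)]

# Each ACL is a predicate over a request dict {"src", "port", "manager"}.
ACLS = {
    "localnet": lambda r: ipaddress.ip_address(r["src"]) in LOCALNET,
    "localhost": lambda r: ipaddress.ip_address(r["src"]).is_loopback,
    "Safe_ports": lambda r: any(lo <= r["port"] <= hi for lo, hi in SAFE_PORTS),
    "manager": lambda r: r["manager"],   # cache-manager URL; False for normal browsing
    "all": lambda r: True,
    "anyclient": lambda r: True,         # "acl anyclient src all"
}

# http_access lines in the order they appear in the posted squid.conf.
# Assumption: the include of /etc/squid/conf.d/* adds no http_access rules.
RULES = [
    "deny !Safe_ports",
    "allow localhost manager",
    "deny manager",
    "allow localnet",
    "deny all",
    "allow anyclient",
]

def decide(request, rules=RULES):
    """Return (action, rule_text) of the first rule whose ACLs all match."""
    for rule in rules:
        action, *names = rule.split()
        # A "!name" entry matches when the ACL is false, a plain name when it is true.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, rule
    # No rule matched: Squid applies the opposite of the last rule's action.
    last = rules[-1].split()[0]
    return ("deny" if last == "allow" else "allow"), "(default)"

def unreachable(rules=RULES):
    """Rules that follow an unconditional 'all' rule and so are never evaluated."""
    for i, rule in enumerate(rules):
        if rule.split()[1:] == ["all"]:
            return rules[i + 1:]
    return []
```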