Date:      Sun, 12 Jan 2003 19:25:47 +0200
From:      Paulius Bulotas <paulius@kaktusas.org>
To:        freebsd-isp@freebsd.org
Subject:   transparent proxy and log_in_vain=1
Message-ID:  <20030112172547.GA83392@kaktusas.org>

----- Forwarded message from Putinas <putinas.piliponis@icnspot.net> -----

I have had one problem for a few months already and I am still not able to
solve it. I am using squid as a transparent proxy, set up on FreeBSD 4.7, and
doing the redirection with ipnat:


rdr fxp0 192.168.100.252/32 port 80 -> 62.68.42.70 port 80
rdr fxp0 62.68.42.70/32 port 80 -> 62.68.42.70 port 80
rdr fxp0 0.0.0.0/0 port 80 -> 127.0.0.1 port 80
map xl0 192.168.100.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
map xl0 192.168.100.0/24 -> 0.0.0.0/32

Squid is running on 127.0.0.1 port 80.

Also, FreeBSD is running with kernel options log_in_vain=1.
Just a short brief on what it is:
FreeBSD features a sysctl option "net.inet.(tcp|udp).log_in_vain" that
allows packets destined for non-listening ports on a server to be logged to
syslog.

And from time to time I am getting records like these in syslog:

Connection attempt to TCP 62.68.42.70:2042 from 66.163.171.166:80
--- 2 times ---
Connection attempt to TCP 62.68.42.70:2045 from 66.163.171.166:80
Connection attempt to TCP 62.68.42.70:2073 from 66.40.9.139:80
--- 3 times ---
Connection attempt to TCP 62.68.42.70:2069 from 66.40.9.143:80
Connection attempt to TCP 62.68.42.70:2133 from 216.136.224.190:80
--- 20 times ---
Connection attempt to TCP 62.68.42.70:2162 from 202.157.166.121:80
--- 3 times ---
Connection attempt to TCP 62.68.42.70:2197 from 66.230.128.157:80
--- 12 times ---
Connection attempt to TCP 62.68.42.70:2340 from 66.40.9.137:80
Connection attempt to TCP 62.68.42.70:2391 from 216.136.224.190:80

and so on ...

OK, everything still looks to be working properly, but I would like to know
the reason why it's happening.
Why does the web server send the response to a port that is not listening, or
does squid close the port before the response arrives? And how do I fix it or
set it up the proper way?


Regards,
Putinas

----- End forwarded message -----
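
A triage sketch for the log lines quoted above, added here as an example (not code from the original message): it tallies log_in_vain entries per remote host and separates those arriving from port 80 to a high local port, which are shaped like replies to outbound connections, from attempts on other local ports. The function names, the constructed line from 198.51.100.7, the 1024 port threshold, and reading "--- N times ---" as N further repeats of the preceding line are assumptions.

```python
import re
from collections import Counter

# Sample input: the first lines follow the message above; the last line is
# constructed (documentation address) to show the contrasting case.
SAMPLE = """\
Connection attempt to TCP 62.68.42.70:2042 from 66.163.171.166:80
--- 2 times ---
Connection attempt to TCP 62.68.42.70:2133 from 216.136.224.190:80
--- 20 times ---
Connection attempt to TCP 62.68.42.70:2391 from 216.136.224.190:80
Connection attempt to TCP 62.68.42.70:22 from 198.51.100.7:40112
"""

ENTRY = re.compile(
    r"Connection attempt to (TCP|UDP) ([\d.]+):(\d+) from ([\d.]+):(\d+)")
REPEAT = re.compile(r"-+ (\d+) times -+")


def parse(text):
    """Return [proto, local_port, remote_ip, remote_port, count] per entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            entries.append([m[1], int(m[3]), m[4], int(m[5]), 1])
            continue
        r = REPEAT.search(line)
        if r and entries:
            # Assumption: the marker means N further repeats of the line above.
            entries[-1][4] += int(r[1])
    return entries


def triage(text, service_ports=(80,), first_ephemeral=1024):
    """Split entries into reply-shaped traffic and other inbound attempts."""
    reply_shaped = Counter()   # remote web server -> hits on high local ports
    inbound = Counter()        # (remote host, local port) -> hits
    for _proto, lport, rip, rport, count in parse(text):
        if rport in service_ports and lport >= first_ephemeral:
            reply_shaped[rip] += count
        else:
            inbound[(rip, lport)] += count
    return reply_shaped, inbound


if __name__ == "__main__":
    replies, probes = triage(SAMPLE)
    print("reply-shaped:", replies.most_common())
    print("other inbound:", probes.most_common())
```
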
