From owner-freebsd-isp Sun Jan 12 9:25:52 2003
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0CF9937B401 for ; Sun, 12 Jan 2003 09:25:51 -0800 (PST)
Received: from noname.csdl.lt (noname.csdl.lt [194.176.40.182]) by mx1.FreeBSD.org (Postfix) with SMTP id 9864443F5F for ; Sun, 12 Jan 2003 09:25:49 -0800 (PST) (envelope-from paulius@kaktusas.org)
Received: (qmail 83433 invoked by uid 1000); 12 Jan 2003 17:25:47 -0000
Date: Sun, 12 Jan 2003 19:25:47 +0200
From: Paulius Bulotas
To: freebsd-isp@freebsd.org
Subject: transparent proxy and log_in_vain=1
Message-ID: <20030112172547.GA83392@kaktusas.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-URL: http://www.kaktusas.org/
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

----- Forwarded message from Putinas -----

I have had one problem for a few months already and still I am not able to solve it.
I am using squid as a transparent proxy. I set it up on FreeBSD 4.7 and am doing the redirection with ipnat:

rdr fxp0 192.168.100.252/32 port 80 -> 62.68.42.70 port 80
rdr fxp0 62.68.42.70/32 port 80 -> 62.68.42.70 port 80
rdr fxp0 0.0.0.0/0 port 80 -> 127.0.0.1 port 80
map xl0 192.168.100.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
map xl0 192.168.100.0/24 -> 0.0.0.0/32

squid is running on 127.0.0.1 port 80.

Also, FreeBSD is running with the kernel option log_in_vain=1. Just a short brief of what it is:

FreeBSD features a sysctl option "net.inet.(tcp|udp).log_in_vain" that allows packets destined for non-listening ports on a server to be logged to syslog.
And from time to time I am getting records like these in syslog:

Connection attempt to TCP 62.68.42.70:2042 from 66.163.171.166:80 --- 2 times ---
Connection attempt to TCP 62.68.42.70:2045 from 66.163.171.166:80
Connection attempt to TCP 62.68.42.70:2073 from 66.40.9.139:80 --- 3 times ---
Connection attempt to TCP 62.68.42.70:2069 from 66.40.9.143:80
Connection attempt to TCP 62.68.42.70:2133 from 216.136.224.190:80 --- 20 times ---
Connection attempt to TCP 62.68.42.70:2162 from 202.157.166.121:80 --- 3 times ---
Connection attempt to TCP 62.68.42.70:2197 from 66.230.128.157:80 --- 12 times ---
Connection attempt to TCP 62.68.42.70:2340 from 66.40.9.137:80
Connection attempt to TCP 62.68.42.70:2391 from 216.136.224.190:80
and so on ....

OK, everything still looks to be working properly, but I would like to know the reason why it's happening. Why does the webserver send the response to a port that is not listened on, or does squid close the port before the response arrives? And how do I fix it or set it up in the proper way?

Regards,
Putinas

----- End forwarded message -----

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
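Added example, not part of the post or of FreeBSD: a small triage script for the log_in_vain records quoted above. Every line the poster shows has source port 80 on the remote side and a local port in the low ephemeral range (2042, 2045, ...), which is what a late segment from an origin web server to a client socket that has already been closed looks like; the script separates that pattern from the other thing log_in_vain reports, inbound attempts at service ports nothing listens on. The ephemeral range 1024-5000 is assumed to be the FreeBSD 4.x default for net.inet.ip.portrange.first/last (check the sysctls on the box), the classification heuristic is mine, and the log lines are constructed in the post's format, not real traffic.

```python
import re
from collections import Counter

# Shape of a syslog record produced with net.inet.tcp.log_in_vain=1 /
# net.inet.udp.log_in_vain=1, as quoted in the post. The syslog
# timestamp/host prefix, if present, is ignored by using search().
LOG_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<laddr>\d{1,3}(?:\.\d{1,3}){3}):(?P<lport>\d+) "
    r"from (?P<raddr>\d{1,3}(?:\.\d{1,3}){3}):(?P<rport>\d+)"
)

# Assumed FreeBSD 4.x default ephemeral range (net.inet.ip.portrange.first
# and .last). Verify with sysctl on the actual host.
EPHEMERAL = (1024, 5000)

# Constructed sample in the post's format; not a real log. The last three
# lines are deliberately different kinds of record to exercise the classifier.
SAMPLE_LOG = """\
Jan 12 10:01:03 gw /kernel: Connection attempt to TCP 62.68.42.70:2042 from 66.163.171.166:80
Jan 12 10:01:03 gw /kernel: Connection attempt to TCP 62.68.42.70:2045 from 66.163.171.166:80
Jan 12 10:02:17 gw /kernel: Connection attempt to TCP 62.68.42.70:2133 from 216.136.224.190:80
Jan 12 10:02:17 gw /kernel: Connection attempt to TCP 62.68.42.70:2133 from 216.136.224.190:80
Jan 12 10:03:40 gw /kernel: Connection attempt to TCP 62.68.42.70:22 from 10.9.8.7:4444
Jan 12 10:03:41 gw /kernel: Connection attempt to UDP 62.68.42.70:161 from 10.9.8.7:4445
Jan 12 10:04:00 gw /kernel: some unrelated kernel message
"""


def parse_line(line):
    """Return a dict for a log_in_vain record, or None for any other line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["lport"] = int(rec["lport"])
    rec["rport"] = int(rec["rport"])
    return rec


def classify(rec, ephemeral=EPHEMERAL):
    """Heuristic bucket for one record.

    late-reply    : remote web port -> one of our ephemeral ports, i.e. an
                    origin server still talking to a client socket that has
                    already been closed (the pattern in the post).
    service-probe : someone knocking on a privileged port we do not serve.
    other         : anything else; worth a second look.
    """
    lo, hi = ephemeral
    if lo <= rec["lport"] <= hi and rec["rport"] in (80, 443):
        return "late-reply"
    if rec["lport"] < 1024:
        return "service-probe"
    return "other"


def summarize(text, ephemeral=EPHEMERAL):
    """Count records per bucket and, for late replies, per remote server."""
    by_class = Counter()
    late_reply_sources = Counter()
    parsed = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parsed += 1
        bucket = classify(rec, ephemeral)
        by_class[bucket] += 1
        if bucket == "late-reply":
            late_reply_sources[rec["raddr"]] += 1
    return {
        "parsed": parsed,
        "by_class": dict(by_class),
        "late_reply_sources": dict(late_reply_sources),
    }


if __name__ == "__main__":
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    result = summarize(text)
    print("records parsed:", result["parsed"])
    for bucket, n in sorted(result["by_class"].items()):
        print(f"  {bucket:14s} {n}")
    print("late replies by remote web server:")
    for addr, n in result["late_reply_sources"].most_common():
        print(f"  {addr:16s} {n}")
```

Pipe /var/log/messages into it to get the same breakdown on real data. Records in the late-reply bucket are noise from the proxy's own outbound connections and are a candidate for filtering before they reach syslog; only the service-probe and other buckets carry the information log_in_vain was turned on for.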