Saturday, September 08, 2012
IP SLA log for Packet loss
Sample Config for IP SLA monitor Link
This config with IOS advsecurityk9-mz.124-15.T13.bin
ip sla logging traps
ip sla 203
icmp-echo 192.168.1.1
tag VPN_Gateway
frequency 10
ip sla reaction-configuration 203 react timeout threshold-type immediate action-type trapOnly
ip sla schedule 203 life forever start-time now
###########sample log##########
Sep 8 2012 19:33:24.110 TH: %RTT-4-OPER_TIMEOUT: condition occurred, entry number = 203
Sep 8 2012 19:33:24.158 TH: %RTT-3-IPSLATHRESHOLD: IP SLAs(203): Threshold Occurred for timeout
Sep 8 2012 19:33:49.492 TH: %RTT-4-OPER_TIMEOUT: condition cleared, entry number = 203
Sep 8 2012 19:33:49.540 TH: %RTT-3-IPSLATHRESHOLD: IP SLAs(203): Threshold Cleared for timeout
Monday, July 09, 2012
How to change google search on linux mint11
change google search firefox on linux mint11
root@linux#vi /usr/lib/firefox-addons/searchplugins/en-US/google.xml
Here sample config file search
###############################################################
Google
Google Search
UTF-8
www.google.com
root@linux#vi /usr/lib/firefox-addons/searchplugins/en-US/google.xml
Here sample config file search
###############################################################
disable unwant on ubuntu 12.04
ubuntu 12.04
disable guest account
Open /etc/lightdm/lightdm.conf file from your terminal using the following command
sudo gedit /etc/lightdm/lightdm.conf
Add the following line
allow-guest=false
Save and exit the file
After adding the above line you should see similar to the following in lightdm.conf file
[SeatDefaults]
user-session=ubuntu
greeter-session=unity-greeter
allow-guest=false
Finally you have to restart lightdm using the following command from your terminal
sudo /etc/init.d/lightdm restart
=============
disable dnsmasq
If you don’t want a local resolver you can turn it off DNSMASQ using the following procedure
You need to edit /etc/NetworkManager/NetworkManager.conf file
gksudo gedit /etc/NetworkManager/NetworkManager.conf
and comment out the following line from
dns=dnsmasq
to
#dns=dnsmasq
Save and exit the file
Now you need to network-manager using the following command
sudo /etc/init.d/network-manager restart
disable guest account
Open /etc/lightdm/lightdm.conf file from your terminal using the following command
sudo gedit /etc/lightdm/lightdm.conf
Add the following line
allow-guest=false
Save and exit the file
After adding the above line you should see similar to the following in lightdm.conf file
[SeatDefaults]
user-session=ubuntu
greeter-session=unity-greeter
allow-guest=false
Finally you have to restart lightdm using the following command from your terminal
sudo /etc/init.d/lightdm restart
=============
disable dnsmasq
If you don’t want a local resolver you can turn it off DNSMASQ using the following procedure
You need to edit /etc/NetworkManager/NetworkManager.conf file
gksudo gedit /etc/NetworkManager/NetworkManager.conf
and comment out the following line from
dns=dnsmasq
to
#dns=dnsmasq
Save and exit the file
Now you need to network-manager using the following command
sudo /etc/init.d/network-manager restart
Saturday, June 30, 2012
Problem ssh client remote to ssh server version 1 for debian 6.04
How to enable ssh client to support ssh server version 1 and 2
problem
When remote ssh to server version 1 the message will warn like this . because default version of ssh client is version 2.
root@tproxy:/etc# ssh root@192.168.229.1
Protocol major versions differ: 2 vs. 1
root@tproxy:/etc#
ssh software for ssh client
root@tproxy:/etc/ssh# ssh -V
OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010
root@tproxy:/etc/ssh#
How to resolve
root@tproxy:/etc# vi /etc/ssh/ssh_config
unmark # in line protocol 2,1 to enable both version 1 and 2
Protocol 2,1
save and restart service ssh by command
root@tproxy:~# /etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.
root@tproxy:~#
===========
Test for version 1
root@tproxy:~# ssh cisco@192.168.229.129
The authenticity of host '192.168.229.129 (192.168.229.129)' can't be established.
RSA1 key fingerprint is 6f:37:40:fe:19:ed:67:5a:89:85:e7:e5:8f:9d:a5:09.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.229.129' (RSA1) to the list of known hosts.
cisco@192.168.229.129's password:
R1>sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
R1>
Test for version 2
root@tproxy:~# ssh cisco@192.168.229.129
WARNING: RSA1 key found for host 192.168.229.129
in /root/.ssh/known_hosts:1
RSA1 key fingerprint 6f:37:40:fe:19:ed:67:5a:89:85:e7:e5:8f:9d:a5:09.
+--[RSA1 1024]----+
| |
| |
| . |
| o .. |
| S o ...o.|
| . o +=.o|
| o E..o*|
| . . o X+|
| =.o|
+-----------------+
The authenticity of host '192.168.229.129 (192.168.229.129)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is aa:f8:94:e1:a7:d2:c8:56:44:94:44:37:65:7f:d7:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.229.129' (RSA) to the list of known hosts.
Password:
R1>sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
R1>
problem
When remote ssh to server version 1 the message will warn like this . because default version of ssh client is version 2.
root@tproxy:/etc# ssh root@192.168.229.1
Protocol major versions differ: 2 vs. 1
root@tproxy:/etc#
ssh software for ssh client
root@tproxy:/etc/ssh# ssh -V
OpenSSH_5.5p1 Debian-6+squeeze1, OpenSSL 0.9.8o 01 Jun 2010
root@tproxy:/etc/ssh#
How to resolve
root@tproxy:/etc# vi /etc/ssh/ssh_config
unmark # in line protocol 2,1 to enable both version 1 and 2
Protocol 2,1
save and restart service ssh by command
root@tproxy:~# /etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.
root@tproxy:~#
===========
Test for version 1
root@tproxy:~# ssh cisco@192.168.229.129
The authenticity of host '192.168.229.129 (192.168.229.129)' can't be established.
RSA1 key fingerprint is 6f:37:40:fe:19:ed:67:5a:89:85:e7:e5:8f:9d:a5:09.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.229.129' (RSA1) to the list of known hosts.
cisco@192.168.229.129's password:
R1>sh ip ssh
SSH Enabled - version 1.5
Authentication timeout: 120 secs; Authentication retries: 3
R1>
Test for version 2
root@tproxy:~# ssh cisco@192.168.229.129
WARNING: RSA1 key found for host 192.168.229.129
in /root/.ssh/known_hosts:1
RSA1 key fingerprint 6f:37:40:fe:19:ed:67:5a:89:85:e7:e5:8f:9d:a5:09.
+--[RSA1 1024]----+
| |
| |
| . |
| o .. |
| S o ...o.|
| . o +=.o|
| o E..o*|
| . . o X+|
| =.o|
+-----------------+
The authenticity of host '192.168.229.129 (192.168.229.129)' can't be established
but keys of different type are already known for this host.
RSA key fingerprint is aa:f8:94:e1:a7:d2:c8:56:44:94:44:37:65:7f:d7:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.229.129' (RSA) to the list of known hosts.
Password:
R1>sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 120 secs; Authentication retries: 3
R1>
Thursday, February 16, 2012
How to add user via CLI Linux
How to add user via CLI Linux
root@ubuntu:/home# useradd -d /home/ldapadmin -s /bin/bash -m ldapadmin
root@ubuntu:/home# passwd ldapadmin
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
verify
root@ubuntu:/home# ls
ldapadmin ruamit
root@ubuntu:/home# grep ldapadmin /etc/passwd
ldapadmin:x:1001:1001::/home/ldapadmin:/bin/bash
root@ubuntu:/home# grep ldapadmin /etc/group
ldapadmin:x:1001:
root@ubuntu:/home# grep ldapadmin /etc/shadow
ldapadmin:$6$AMNnkWYY$jFbAtB2Lb8/PNbZlKvlyoPf8DhAIBwSpU/5TYlWLZSGkGxUsma.Sq49nfJRhVgnRLE.mU8El/3m.JEdV8M/511:15386:0:99999:7:::
root@ubuntu:/home#
root@ubuntu:/home# ls -al
total 16
drwxr-xr-x 4 root root 4096 2012-02-16 16:57 .
drwxr-xr-x 22 root root 4096 2012-02-16 11:26 ..
drwxr-xr-x 2 ldapadmin ldapadmin 4096 2012-02-16 16:57 ldapadmin
root@ubuntu:/home#
sample when login
root@ubuntu:/home# ssh -l ldapadmin localhost
ldapadmin@localhost's password:
Last login: Thu Feb 16 16:46:24 2012 from 192.168.2.200
ldapadmin@ubuntu:~$
ldapadmin@ubuntu:~$ ls -al
total 28
drwxr-xr-x 3 ldapadmin ldapadmin 4096 2012-02-16 16:46 .
drwxr-xr-x 4 root root 4096 2012-02-16 16:46 ..
-rw-r--r-- 1 ldapadmin ldapadmin 220 2011-04-01 02:26 .bash_logout
-rw-r--r-- 1 ldapadmin ldapadmin 3353 2011-04-01 02:26 .bashrc
drwx------ 2 ldapadmin ldapadmin 4096 2012-02-16 16:46 .cache
-rw-r--r-- 1 ldapadmin ldapadmin 179 2010-09-15 18:41 examples.desktop
-rw-r--r-- 1 ldapadmin ldapadmin 675 2011-04-01 02:26 .profile
ldapadmin@ubuntu:~$
how to delete
root@ubuntu:/home# userdel -r ldapadmin
verify
root@ubuntu:/home# grep ldapadmin /etc/passwd
root@ubuntu:/home# grep ldapadmin /etc/group
root@ubuntu:/home# grep ldapadmin /etc/shadow
root@ubuntu:/home# ls -al
total 12
drwxr-xr-x 3 root root 4096 2012-02-16 17:01 .
drwxr-xr-x 22 root root 4096 2012-02-16 11:26 ..
root@ubuntu:/home#
root@ubuntu:/home# useradd -d /home/ldapadmin -s /bin/bash -m ldapadmin
root@ubuntu:/home# passwd ldapadmin
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
verify
root@ubuntu:/home# ls
ldapadmin ruamit
root@ubuntu:/home# grep ldapadmin /etc/passwd
ldapadmin:x:1001:1001::/home/ldapadmin:/bin/bash
root@ubuntu:/home# grep ldapadmin /etc/group
ldapadmin:x:1001:
root@ubuntu:/home# grep ldapadmin /etc/shadow
ldapadmin:$6$AMNnkWYY$jFbAtB2Lb8/PNbZlKvlyoPf8DhAIBwSpU/5TYlWLZSGkGxUsma.Sq49nfJRhVgnRLE.mU8El/3m.JEdV8M/511:15386:0:99999:7:::
root@ubuntu:/home#
root@ubuntu:/home# ls -al
total 16
drwxr-xr-x 4 root root 4096 2012-02-16 16:57 .
drwxr-xr-x 22 root root 4096 2012-02-16 11:26 ..
drwxr-xr-x 2 ldapadmin ldapadmin 4096 2012-02-16 16:57 ldapadmin
root@ubuntu:/home#
sample when login
root@ubuntu:/home# ssh -l ldapadmin localhost
ldapadmin@localhost's password:
Last login: Thu Feb 16 16:46:24 2012 from 192.168.2.200
ldapadmin@ubuntu:~$
ldapadmin@ubuntu:~$ ls -al
total 28
drwxr-xr-x 3 ldapadmin ldapadmin 4096 2012-02-16 16:46 .
drwxr-xr-x 4 root root 4096 2012-02-16 16:46 ..
-rw-r--r-- 1 ldapadmin ldapadmin 220 2011-04-01 02:26 .bash_logout
-rw-r--r-- 1 ldapadmin ldapadmin 3353 2011-04-01 02:26 .bashrc
drwx------ 2 ldapadmin ldapadmin 4096 2012-02-16 16:46 .cache
-rw-r--r-- 1 ldapadmin ldapadmin 179 2010-09-15 18:41 examples.desktop
-rw-r--r-- 1 ldapadmin ldapadmin 675 2011-04-01 02:26 .profile
ldapadmin@ubuntu:~$
how to delete
root@ubuntu:/home# userdel -r ldapadmin
verify
root@ubuntu:/home# grep ldapadmin /etc/passwd
root@ubuntu:/home# grep ldapadmin /etc/group
root@ubuntu:/home# grep ldapadmin /etc/shadow
root@ubuntu:/home# ls -al
total 12
drwxr-xr-x 3 root root 4096 2012-02-16 17:01 .
drwxr-xr-x 22 root root 4096 2012-02-16 11:26 ..
root@ubuntu:/home#
Wednesday, February 08, 2012
Install DHCP on Linux
Install DHCP on Linux
root@servert# apt-get install dhcp3-server
====================================
sample config
root@servert# cat /etc/dhcp3/dhcpd.conf
ddns-update-style none;
log-facility local7;
ignore client-updates;
option domain-name-servers 192.168.2.1, 172.30.0.1;
default-lease-time 600;
max-lease-time 3600;
authoritative;
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.200 192.168.2.229;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
}
root@servert# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.1.255
root@servert# cat /etc/default/dhcp3-server
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/dhcp3-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"
=======================================================
check lease time
Note: This time format refer UTC +0 cannot modify any more
root@servert# cat /var/lib/dhcp3/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.1.3
lease 192.168.2.200 {
starts 3 2012/02/08 14:08:08;
ends 3 2012/02/08 14:18:08;
tstp 3 2012/02/08 14:18:08;
cltt 3 2012/02/08 14:08:08;
binding state active;
next binding state free;
hardware ethernet 00:50:56:C0:00:08;
uid "\001\350\232\217]4\366";
client-hostname "pc001";
}
lease 192.168.2.200 {
starts 3 2012/02/08 14:13:08;
ends 3 2012/02/08 14:23:08;
cltt 3 2012/02/08 14:13:08;
binding state active;
next binding state free;
hardware ethernet 00:50:56:C0:00:08;
uid "\001\350\232\217]4\366";
client-hostname "vmhost";
}
root@servert#
root@servert# apt-get install dhcp3-server
====================================
sample config
root@servert# cat /etc/dhcp3/dhcpd.conf
ddns-update-style none;
log-facility local7;
ignore client-updates;
option domain-name-servers 192.168.2.1, 172.30.0.1;
default-lease-time 600;
max-lease-time 3600;
authoritative;
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.200 192.168.2.229;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.2.255;
option routers 192.168.2.1;
}
root@servert# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.2.1
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.1.255
root@servert# cat /etc/default/dhcp3-server
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/dhcp3-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0"
=======================================================
check lease time
Note: This time format refer UTC +0 cannot modify any more
root@servert# cat /var/lib/dhcp3/dhcpd.leases
# The format of this file is documented in the dhcpd.leases(5) manual page.
# This lease file was written by isc-dhcp-V3.1.3
lease 192.168.2.200 {
starts 3 2012/02/08 14:08:08;
ends 3 2012/02/08 14:18:08;
tstp 3 2012/02/08 14:18:08;
cltt 3 2012/02/08 14:08:08;
binding state active;
next binding state free;
hardware ethernet 00:50:56:C0:00:08;
uid "\001\350\232\217]4\366";
client-hostname "pc001";
}
lease 192.168.2.200 {
starts 3 2012/02/08 14:13:08;
ends 3 2012/02/08 14:23:08;
cltt 3 2012/02/08 14:13:08;
binding state active;
next binding state free;
hardware ethernet 00:50:56:C0:00:08;
uid "\001\350\232\217]4\366";
client-hostname "vmhost";
}
root@servert#
squid3 tproxy on ubuntu 10.10 How to
tproxy on ubuntu 10.10 How to
Refer http://wiki.squid-cache.org/Features/Tproxy4
echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
modprobe ip_tables
modprobe iptable_filter
modprobe ipt_TPROXY
modprobe ipt_tproxy
=======================
config on /etc/sysctrl.conf
net.ipv4.conf.default.rp_filter=2
net.ipv4.conf.all.rp_filter=2
net.ipv4.ip_forward=1
=============================
Add in /etc/rc.local
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 5/sec -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
================================
#squid3 config
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
http_port 3129 tproxy
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
icp_port 0
via off
forwarded_for off
log_mime_hdrs off
httpd_suppress_version_string on
ie_refresh on
cache_mem 256 MB
maximum_object_size_in_memory 16 KB
cache_dir ufs /var/spool/squid3/cache1 1000 16 256
cache_dir ufs /var/spool/squid3/cache2 1000 16 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
minimum_object_size 0 KB
maximum_object_size 40960 KB
mime_table /usr/share/squid3/mime.conf
logformat common %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03>Hs %access_log /var/log/squid3/access.log common
cache_log /var/log/squid3/cache.log
cache_store_log none
logfile_rotate 5
log_mime_hdrs off
shutdown_lifetime 5 seconds
log_icp_queries off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 1440 20% 14400
cache_mgr webmaster
cache_effective_user proxy
cache_effective_group proxy
pid_filename /var/run/squid3.pid
coredump_dir /var/cache/squid3
==========
url http://wiki.squid-cache.org/Features/Tproxy4
check squid support
squid 3.1 = squid3 -v | grep "enable-linux-netfilter"
kernel 2.6.35 up
iptable 1.4.1
=======================
sample log and netstat
root@ThinkPad:~# tail -f /var/log/squid3/access.log
2012-02-08 17:08:18 267 192.168.2.200 TCP_MISS/200 3410 GET http://l.yimg.com/cv/ae/us/yahoo/111031/120x45liw942fx1.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:18 347 192.168.2.200 TCP_MISS/200 1539 GET http://l1.yimg.com/a/i/ww/met/pa_icons_18/twitter_new_20101222.gif - DIRECT/216.115.100.102 image/gif
2012-02-08 17:08:18 24 192.168.2.200 TCP_HIT/200 3070 GET http://l.yimg.com/a/i/mntl/aut/09q4/def_aa9d6007.jpg - NONE/- image/jpeg
2012-02-08 17:08:19 562 192.168.2.200 TCP_MISS/200 3440 GET http://l.yimg.com/cv/ip/ap/default/120207/bikeman_sec.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 1 192.168.2.200 TCP_HIT/200 2577 GET http://l.yimg.com/a/i/ww/met/sprite_videoicon_20100201_ltr.png - NONE/- image/png
2012-02-08 17:08:19 861 192.168.2.200 TCP_MISS/200 5836 GET http://l1.yimg.com/cv/ip/ap/default/120207/moreno2_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 886 192.168.2.200 TCP_MISS/200 6500 GET http://l1.yimg.com/cv/ip/ap/default/120207/maria_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 913 192.168.2.200 TCP_MISS/200 3467 GET http://l.yimg.com/cv/ip/ap/default/120208/syria_sc.jpg - DIRECT/216.115.100.102 image/jpeg
root@ThinkPad:~# netstat -tuanp | grep squid
tcp 0 0 0.0.0.0:3129 0.0.0.0:* LISTEN 1805/(squid)
tcp 0 0 110.164.205.140:80 192.168.2.200:51088 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:47416 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:38141 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:50905 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51120 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51133 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:43751 216.115.100.102:80 ESTABLISHED 1805/(squid)
Refer http://wiki.squid-cache.org/Features/Tproxy4
echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
modprobe ip_tables
modprobe iptable_filter
modprobe ipt_TPROXY
modprobe ipt_tproxy
=======================
config on /etc/sysctrl.conf
net.ipv4.conf.default.rp_filter=2
net.ipv4.conf.all.rp_filter=2
net.ipv4.ip_forward=1
=============================
Add in /etc/rc.local
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 5/sec -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
================================
#squid3 config
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
http_port 3129 tproxy
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
icp_port 0
via off
forwarded_for off
log_mime_hdrs off
httpd_suppress_version_string on
ie_refresh on
cache_mem 256 MB
maximum_object_size_in_memory 16 KB
cache_dir ufs /var/spool/squid3/cache1 1000 16 256
cache_dir ufs /var/spool/squid3/cache2 1000 16 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
minimum_object_size 0 KB
maximum_object_size 40960 KB
mime_table /usr/share/squid3/mime.conf
logformat common %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03>Hs %access_log /var/log/squid3/access.log common
cache_log /var/log/squid3/cache.log
cache_store_log none
logfile_rotate 5
log_mime_hdrs off
shutdown_lifetime 5 seconds
log_icp_queries off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 1440 20% 14400
cache_mgr webmaster
cache_effective_user proxy
cache_effective_group proxy
pid_filename /var/run/squid3.pid
coredump_dir /var/cache/squid3
==========
url http://wiki.squid-cache.org/Features/Tproxy4
check squid support
squid 3.1 = squid3 -v | grep "enable-linux-netfilter"
kernel 2.6.35 up
iptable 1.4.1
=======================
sample log and netstat
root@ThinkPad:~# tail -f /var/log/squid3/access.log
2012-02-08 17:08:18 267 192.168.2.200 TCP_MISS/200 3410 GET http://l.yimg.com/cv/ae/us/yahoo/111031/120x45liw942fx1.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:18 347 192.168.2.200 TCP_MISS/200 1539 GET http://l1.yimg.com/a/i/ww/met/pa_icons_18/twitter_new_20101222.gif - DIRECT/216.115.100.102 image/gif
2012-02-08 17:08:18 24 192.168.2.200 TCP_HIT/200 3070 GET http://l.yimg.com/a/i/mntl/aut/09q4/def_aa9d6007.jpg - NONE/- image/jpeg
2012-02-08 17:08:19 562 192.168.2.200 TCP_MISS/200 3440 GET http://l.yimg.com/cv/ip/ap/default/120207/bikeman_sec.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 1 192.168.2.200 TCP_HIT/200 2577 GET http://l.yimg.com/a/i/ww/met/sprite_videoicon_20100201_ltr.png - NONE/- image/png
2012-02-08 17:08:19 861 192.168.2.200 TCP_MISS/200 5836 GET http://l1.yimg.com/cv/ip/ap/default/120207/moreno2_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 886 192.168.2.200 TCP_MISS/200 6500 GET http://l1.yimg.com/cv/ip/ap/default/120207/maria_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 913 192.168.2.200 TCP_MISS/200 3467 GET http://l.yimg.com/cv/ip/ap/default/120208/syria_sc.jpg - DIRECT/216.115.100.102 image/jpeg
root@ThinkPad:~# netstat -tuanp | grep squid
tcp 0 0 0.0.0.0:3129 0.0.0.0:* LISTEN 1805/(squid)
tcp 0 0 110.164.205.140:80 192.168.2.200:51088 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:47416 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:38141 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:50905 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51120 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51133 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:43751 216.115.100.102:80 ESTABLISHED 1805/(squid)
tproxy squid3 on ubuntu 10.10 How to
tproxy on ubuntu 10.10 How to
Refer http://wiki.squid-cache.org/Features/Tproxy4
echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
modprobe ip_tables
modprobe iptable_filter
modprobe ipt_TPROXY
modprobe ipt_tproxy
=======================
config on /etc/sysctrl.conf
net.ipv4.conf.default.rp_filter=2
net.ipv4.conf.all.rp_filter=2
net.ipv4.ip_forward=1
=============================
Add in /etc/rc.local
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 5/sec -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
================================
#squid3 config
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
http_port 3129 tproxy
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
icp_port 0
via off
forwarded_for off
log_mime_hdrs off
httpd_suppress_version_string on
ie_refresh on
cache_mem 256 MB
maximum_object_size_in_memory 16 KB
cache_dir ufs /var/spool/squid3/cache1 1000 16 256
cache_dir ufs /var/spool/squid3/cache2 1000 16 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
minimum_object_size 0 KB
maximum_object_size 40960 KB
mime_table /usr/share/squid3/mime.conf
logformat common %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03>Hs %access_log /var/log/squid3/access.log common
cache_log /var/log/squid3/cache.log
cache_store_log none
logfile_rotate 5
log_mime_hdrs off
shutdown_lifetime 5 seconds
log_icp_queries off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 1440 20% 14400
cache_mgr webmaster
cache_effective_user proxy
cache_effective_group proxy
pid_filename /var/run/squid3.pid
coredump_dir /var/cache/squid3
==========
url http://wiki.squid-cache.org/Features/Tproxy4
check squid support
squid 3.1 = squid3 -v | grep "enable-linux-netfilter"
kernel 2.6.35 up
iptable 1.4.1
sample netstat and log
root@ThinkPad:~# tail -f /var/log/squid3/access.log
2012-02-08 17:08:18 267 192.168.2.200 TCP_MISS/200 3410 GET http://l.yimg.com/cv/ae/us/yahoo/111031/120x45liw942fx1.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:18 347 192.168.2.200 TCP_MISS/200 1539 GET http://l1.yimg.com/a/i/ww/met/pa_icons_18/twitter_new_20101222.gif - DIRECT/216.115.100.102 image/gif
2012-02-08 17:08:18 24 192.168.2.200 TCP_HIT/200 3070 GET http://l.yimg.com/a/i/mntl/aut/09q4/def_aa9d6007.jpg - NONE/- image/jpeg
2012-02-08 17:08:19 562 192.168.2.200 TCP_MISS/200 3440 GET http://l.yimg.com/cv/ip/ap/default/120207/bikeman_sec.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 1 192.168.2.200 TCP_HIT/200 2577 GET http://l.yimg.com/a/i/ww/met/sprite_videoicon_20100201_ltr.png - NONE/- image/png
2012-02-08 17:08:19 861 192.168.2.200 TCP_MISS/200 5836 GET http://l1.yimg.com/cv/ip/ap/default/120207/moreno2_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 886 192.168.2.200 TCP_MISS/200 6500 GET http://l1.yimg.com/cv/ip/ap/default/120207/maria_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 913 192.168.2.200 TCP_MISS/200 3467 GET http://l.yimg.com/cv/ip/ap/default/120208/syria_sc.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 664 192.168.2.200 TCP_MISS/200 14284 GET http://l.yimg.com/cv/ip/ap/default/120207/engagement110.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 13 192.168.2.200 TCP_HIT/200 20904 GET http://l.yimg.com/zz/combo? - NONE/- application/x-javascript
2012-02-08 17:08:20 1667 192.168.2.200 TCP_MISS/200 3853 GET http://l.yimg.com/cv/ip/ap/default/120207/amyduggar_sec.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1688 192.168.2.200 TCP_MISS/200 5862 GET http://l1.yimg.com/cv/ip/ap/default/120207/robertdowney_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1510 192.168.2.200 TCP_MISS/200 2515 GET http://l1.yimg.com/cv/ip/ap/default/120208/romney_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1639 192.168.2.200 TCP_MISS/200 16956 GET http://l.yimg.com/cv/mntl/aut/11q3/img_f21dc41a.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1 192.168.2.200 TCP_HIT/200 5500 GET http://l.yimg.com/cv/mntl/sma/11q3/img_68b0e692.jpg - NONE/- image/jpeg
2012-02-08 17:08:20 3 192.168.2.200 TCP_HIT/200 8529 GET http://l.yimg.com/cv/ae/us/yahoo/120117/92x55l3bd2qfcz.jpg - NONE/- image/jpeg
2012-02-08 17:08:20 1 192.168.2.200 TCP_HIT/200 1256 GET http://l.yimg.com/a/images/ww/met/slimheader/yahoo-logo-sm-png8.png - NONE/- image/png
2012-02-08 17:08:20 2272 192.168.2.200 TCP_MISS/200 5470 GET http://l1.yimg.com/cv/ip/ap/default/120207/beyonce_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1452 192.168.2.200 TCP_MISS/200 11142 GET http://l.yimg.com/cv/ip/ap/default/120207/lizard110.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:21 1119 192.168.2.200 TCP_MISS/200 12522 GET http://l.yimg.com/cv/ip/ap/default/120207/superhero80.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:21 1534 192.168.2.200 TCP_MISS/200 12556 GET http://l.yimg.com/cv/ip/ap/default/120207/chickenpiccata110.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:21 5072 192.168.2.200 TCP_MISS/200 66296 GET http://www.yahoo.com/ - DIRECT/72.30.2.43 text/html
^C
root@ThinkPad:~# netstat -tuanp | grep squid
tcp 0 0 0.0.0.0:3129 0.0.0.0:* LISTEN 1805/(squid)
tcp 0 0 110.164.205.140:80 192.168.2.200:51088 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:47416 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:38141 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:50905 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51120 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51133 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:43751 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51118 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51124 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51139 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51105 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51134 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51135 ESTABLISHED 1805/(squid)
tcp 0 0 118.214.31.139:80 192.168.2.200:51095 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:56003 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51142 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.149:80 192.168.2.200:51126 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:33132 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:37754 216.115.100.102:80 ESTABLISHED 1805/(squid)
Refer http://wiki.squid-cache.org/Features/Tproxy4
echo 2 > /proc/sys/net/ipv4/conf/default/rp_filter
echo 2 > /proc/sys/net/ipv4/conf/all/rp_filter
modprobe ip_tables
modprobe iptable_filter
modprobe ipt_TPROXY
modprobe ipt_tproxy
=======================
config on /etc/sysctrl.conf
net.ipv4.conf.default.rp_filter=2
net.ipv4.conf.all.rp_filter=2
net.ipv4.ip_forward=1
=============================
Add in /etc/rc.local
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3129
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A FORWARD -o eth0 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 5/sec -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
================================
#squid3 config
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_reply_access allow all
http_port 3129 tproxy
tcp_outgoing_address 0.0.0.0
udp_incoming_address 0.0.0.0
udp_outgoing_address 0.0.0.0
icp_port 0
via off
forwarded_for off
log_mime_hdrs off
httpd_suppress_version_string on
ie_refresh on
cache_mem 256 MB
maximum_object_size_in_memory 16 KB
cache_dir ufs /var/spool/squid3/cache1 1000 16 256
cache_dir ufs /var/spool/squid3/cache2 1000 16 256
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
minimum_object_size 0 KB
maximum_object_size 40960 KB
mime_table /usr/share/squid3/mime.conf
logformat common %{%Y-%m-%d %H:%M:%S}tl %6tr %>a %Ss/%03>Hs %access_log /var/log/squid3/access.log common
cache_log /var/log/squid3/cache.log
cache_store_log none
logfile_rotate 5
log_mime_hdrs off
shutdown_lifetime 5 seconds
log_icp_queries off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 1440 20% 14400
cache_mgr webmaster
cache_effective_user proxy
cache_effective_group proxy
pid_filename /var/run/squid3.pid
coredump_dir /var/cache/squid3
==========
url http://wiki.squid-cache.org/Features/Tproxy4
check squid support
squid 3.1 = squid3 -v | grep "enable-linux-netfilter"
kernel 2.6.35 up
iptable 1.4.1
sample netstat and log
root@ThinkPad:~# tail -f /var/log/squid3/access.log
2012-02-08 17:08:18 267 192.168.2.200 TCP_MISS/200 3410 GET http://l.yimg.com/cv/ae/us/yahoo/111031/120x45liw942fx1.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:18 347 192.168.2.200 TCP_MISS/200 1539 GET http://l1.yimg.com/a/i/ww/met/pa_icons_18/twitter_new_20101222.gif - DIRECT/216.115.100.102 image/gif
2012-02-08 17:08:18 24 192.168.2.200 TCP_HIT/200 3070 GET http://l.yimg.com/a/i/mntl/aut/09q4/def_aa9d6007.jpg - NONE/- image/jpeg
2012-02-08 17:08:19 562 192.168.2.200 TCP_MISS/200 3440 GET http://l.yimg.com/cv/ip/ap/default/120207/bikeman_sec.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 1 192.168.2.200 TCP_HIT/200 2577 GET http://l.yimg.com/a/i/ww/met/sprite_videoicon_20100201_ltr.png - NONE/- image/png
2012-02-08 17:08:19 861 192.168.2.200 TCP_MISS/200 5836 GET http://l1.yimg.com/cv/ip/ap/default/120207/moreno2_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 886 192.168.2.200 TCP_MISS/200 6500 GET http://l1.yimg.com/cv/ip/ap/default/120207/maria_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 913 192.168.2.200 TCP_MISS/200 3467 GET http://l.yimg.com/cv/ip/ap/default/120208/syria_sc.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 664 192.168.2.200 TCP_MISS/200 14284 GET http://l.yimg.com/cv/ip/ap/default/120207/engagement110.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:19 13 192.168.2.200 TCP_HIT/200 20904 GET http://l.yimg.com/zz/combo? - NONE/- application/x-javascript
2012-02-08 17:08:20 1667 192.168.2.200 TCP_MISS/200 3853 GET http://l.yimg.com/cv/ip/ap/default/120207/amyduggar_sec.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1688 192.168.2.200 TCP_MISS/200 5862 GET http://l1.yimg.com/cv/ip/ap/default/120207/robertdowney_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1510 192.168.2.200 TCP_MISS/200 2515 GET http://l1.yimg.com/cv/ip/ap/default/120208/romney_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1639 192.168.2.200 TCP_MISS/200 16956 GET http://l.yimg.com/cv/mntl/aut/11q3/img_f21dc41a.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1 192.168.2.200 TCP_HIT/200 5500 GET http://l.yimg.com/cv/mntl/sma/11q3/img_68b0e692.jpg - NONE/- image/jpeg
2012-02-08 17:08:20 3 192.168.2.200 TCP_HIT/200 8529 GET http://l.yimg.com/cv/ae/us/yahoo/120117/92x55l3bd2qfcz.jpg - NONE/- image/jpeg
2012-02-08 17:08:20 1 192.168.2.200 TCP_HIT/200 1256 GET http://l.yimg.com/a/images/ww/met/slimheader/yahoo-logo-sm-png8.png - NONE/- image/png
2012-02-08 17:08:20 2272 192.168.2.200 TCP_MISS/200 5470 GET http://l1.yimg.com/cv/ip/ap/default/120207/beyonce_sm.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:20 1452 192.168.2.200 TCP_MISS/200 11142 GET http://l.yimg.com/cv/ip/ap/default/120207/lizard110.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:21 1119 192.168.2.200 TCP_MISS/200 12522 GET http://l.yimg.com/cv/ip/ap/default/120207/superhero80.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:21 1534 192.168.2.200 TCP_MISS/200 12556 GET http://l.yimg.com/cv/ip/ap/default/120207/chickenpiccata110.jpg - DIRECT/216.115.100.102 image/jpeg
2012-02-08 17:08:21 5072 192.168.2.200 TCP_MISS/200 66296 GET http://www.yahoo.com/ - DIRECT/72.30.2.43 text/html
^C
root@ThinkPad:~# netstat -tuanp | grep squid
tcp 0 0 0.0.0.0:3129 0.0.0.0:* LISTEN 1805/(squid)
tcp 0 0 110.164.205.140:80 192.168.2.200:51088 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:47416 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:38141 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:50905 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51120 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51133 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:43751 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51118 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51124 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51139 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.143:80 192.168.2.200:51105 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51134 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51135 ESTABLISHED 1805/(squid)
tcp 0 0 118.214.31.139:80 192.168.2.200:51095 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:56003 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 216.115.100.103:80 192.168.2.200:51142 ESTABLISHED 1805/(squid)
tcp 0 0 110.164.205.149:80 192.168.2.200:51126 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:33132 216.115.100.102:80 ESTABLISHED 1805/(squid)
tcp 0 0 192.168.2.200:37754 216.115.100.102:80 ESTABLISHED 1805/(squid)
Subscribe to:
Posts (Atom)