[ILUG] either transparent proxy or iptables problem.

Darragh lists at digitaldarragh.com
Fri Jan 4 18:24:14 GMT 2008


Hello,

Oh it's been an interesting few hours.

First, since last night, I've been unable to access the server, mainly
because I am using a headless machine so I only access it via ssh, and
something went wrong with the iptables and all access on any port was
completely blocked.  To my delight though, this was fixed with a reboot
and a purge of the iptables rules.

So, at the moment, everything seems to be running reasonably well as far
as routing goes.  A simple traceroute shows that connections are going
through the server, to the router, out to the internet.

This iptables stuff is particularly difficult to read!  I'd really love to
find a way of displaying this tabular stuff in just a straightforward
format.  Either that, or in some kind of format that I can export to HTML.
Me and tables that are only formatted using spaces just don't mix at all.
I really have no idea how blind people use the Linux CLI all the time.
OK.  Rant over.

So... my problem:
I have squid set up and I have got past a few problems that cropped up due
to a few changes between this version and the older one.  Hmmm.  So much
for backward compatibility!  The error messages were as useful as an
ashtray on a motorbike!

I've tested the route with squid running and all is still flowing properly.

When I run squid though, in the logs, I see a line that says that port
3128 is in use.  Here is the error:
squid[16079]: commBind: Cannot bind socket FD 13 to *:3128: (98) Address
already in use

When I use netstat, I see:
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN

Now... I could be barking up the wrong tree completely, but this is the
only reason that I can see why squid may not be handling requests.

nmap shows the following:
3128/tcp open  squid-http

Here are my iptables rules.  I think it should be sending traffic to 3128,
but it's kind of difficult to tell for sure at the moment.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:22
ACCEPT     icmp --  192.168.2.25         anywhere
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            udp spt:67
dpt:68
ACCEPT     all  --  anywhere             anywhere
DROP       tcp  --  anywhere             anywhere            tcp dpt:1214
DROP       udp  --  anywhere             anywhere            udp dpt:1214
LOG        tcp  --  anywhere             anywhere            tcp
dpts:0:1023 state NEW LOG level warning prefix `LOW PORT TCP CONNECTION: '
LOG        udp  --  anywhere             anywhere            state NEW udp
dpts:0:1023 LOG level warning prefix `LOW PORT UDP CONNECTION: '
LOG        tcp  --  anywhere             anywhere            state NEW tcp
dpts:1024:65535 LOG level warning prefix `HIGH PORT UDP CONNECTION: '
LOG        udp  --  anywhere             anywhere            state NEW udp
dpts:1024:65535 LOG level warning prefix `HIGH PORT UDP CONNECTION:'
LOG        tcp  --  anywhere             anywhere            tcp
flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `NEW NOT SYN: '
LOG        icmp --  anywhere             anywhere            LOG level
warning prefix `ECHO: '
ACCEPT     udp  --  anywhere             anywhere            udp spt:123

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere


Thanks again.



Darragh
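As an added example (not part of Darragh's post, and not an ILUG or squid tool): a small Python script that parses an `iptables -L` listing of the kind quoted above, including rules that the mail client wrapped onto a second line, and turns it into one plain sentence per rule so there are no space-aligned columns to decode. The sample input is constructed from a subset of the rules quoted in the post; the regular expressions assume the default `iptables -L` column layout (target, prot, opt, source, destination, then match text).

```python
import re

# Constructed sample: a fragment of the `iptables -L` listing quoted in the post,
# including an entry the mail client wrapped onto a second line (state / RELATED,...).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:22
ACCEPT     icmp --  192.168.2.25         anywhere
ACCEPT     all  --  anywhere             anywhere            state
RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp dpt:1214

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
"""

CHAIN = re.compile(r"^Chain (\S+) \(policy (\S+)\)")
RULE = re.compile(r"^(\S+)\s+(all|tcp|udp|icmp)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")
FIELDS = ("target", "proto", "src", "dst", "extra")

def parse_iptables(text):
    """Return (chains, rules): chains maps name -> policy; each rule is a dict."""
    chains, rules, current = {}, [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("target "):
            continue  # blank line or the column-header line
        if m := CHAIN.match(line):
            current, chains[m.group(1)] = m.group(1), m.group(2)
        elif (m := RULE.match(line)) and current:
            rule = dict(zip(FIELDS, m.groups()), chain=current)
            rule["extra"] = rule["extra"].strip()
            rules.append(rule)
        elif rules:
            # Anything else is a wrapped continuation of the previous rule's match text
            rules[-1]["extra"] = (rules[-1]["extra"] + " " + line.strip()).strip()
    return chains, rules

def describe(text):
    """One plain sentence per rule, numbered within its chain, with no column alignment to decode."""
    chains, rules = parse_iptables(text)
    out = [f"Chain {name}: default policy {policy}" for name, policy in chains.items()]
    count = {}
    for r in rules:
        count[r["chain"]] = count.get(r["chain"], 0) + 1
        match = f", match {r['extra']}" if r["extra"] else ""
        out.append(f"{r['chain']} rule {count[r['chain']]}: {r['target']} {r['proto']} "
                   f"from {r['src']} to {r['dst']}{match}")
    return out
```

Run it as `iptables -L | python3 script.py` after replacing `SAMPLE` with `sys.stdin.read()`; the empty FORWARD chain then shows up as a policy line with no rules underneath it.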



