Transparent proxy traffic allowed but logged by 'Default deny'

Started by hbc, October 24, 2019, 08:48:21 AM

I run a transparent squid proxy on 19.7.5_5 (80, 443 redirected to localhost 3128, 3129).

Everything is working: Traffic intercepted, redirected to localhost proxy, processed and clients browse without additional settings.

The only issue is the log entries that are generated, which give the impression that traffic is blocked, which is actually not the case:

Log entry:

StudentsNet Oct 24 08:23:18 10.1.0.241:63039 127.0.0.1:3129 tcp Default deny rule


I tested traffic, ports and logs. Everything works and users have no problems, except for these deny rules flooding the logs.

Port forward:
GRPStudents TCP GRPStudents net Port_unprivileged  * 80 (HTTP) 127.0.0.1 3128 redirect traffic to local proxy
GRPStudents TCP GRPStudents net Port_unprivileged  * 443 (HTTPS) 127.0.0.1 3129 redirect traffic to local proxy


Associated rules:

IPv4 TCP GRPStudents net Port_unprivileged  127.0.0.1 3128 * * NAT redirect traffic to local proxy (IPv4)
IPv4 TCP GRPStudents net Port_unprivileged  127.0.0.1 3129 * * NAT redirect traffic to local proxy (IPv4)


GRPStudents is an interface group, consisting of three interfaces.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

Can you grep the line from filter.log? Maybe it blocks some out-of-order RST packets from an already closed session. This also happens sometimes on Linux with iptables.

Well, that may be possible. I have some blocklists active, so that the proxy denies ad trackers and telemetry.

I will check whether a proxy deny correlates with the log entries and check filter.log.

Update:

Flags in filter.log are different.

127.0.0.1,36388,3129,24,PA,2989120169:2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,36388,3129,0,FA,2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,59012,3129,24,PA,425872857:425872881,1453957540,741,,nop;nop;TS
127.0.0.1,47393,3129,24,FPA,604622599:604622623,843939034,775,,nop;nop;TS
127.0.0.1,51150,3129,24,PA,2163678365:2163678389,1241170655,821,,nop;nop;TS
127.0.0.1,51150,3129,0,FA,2163678389,1241170655,821,,nop;nop;TS

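Added example, not written by any poster in this thread: a small Python triage of the filter.log fragments pasted above, separating blocked packets that try to open a connection from packets that belong to a session the firewall no longer tracks. The field order (destination IP, source port, destination port, data length, TCP flags, seq, ack, window, urg, options) and the classification labels are assumptions made for this example.

```python
from collections import Counter

# Fragments exactly as pasted in the thread (tail of each filter.log record).
SAMPLE = """\
127.0.0.1,36388,3129,24,PA,2989120169:2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,36388,3129,0,FA,2989120193,3146837101,911,,nop;nop;TS
127.0.0.1,59012,3129,24,PA,425872857:425872881,1453957540,741,,nop;nop;TS
127.0.0.1,47393,3129,24,FPA,604622599:604622623,843939034,775,,nop;nop;TS
127.0.0.1,51150,3129,24,PA,2163678365:2163678389,1241170655,821,,nop;nop;TS
127.0.0.1,51150,3129,0,FA,2163678389,1241170655,821,,nop;nop;TS
"""

# Assumed field order for the pasted fragments.
FIELDS = ("dst_ip", "src_port", "dst_port", "data_len", "flags",
          "seq", "ack", "window", "urg", "options")

def parse_fragment(line):
    parts = line.strip().split(",")
    if len(parts) != len(FIELDS):
        raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in ("src_port", "dst_port", "data_len"):
        rec[key] = int(rec[key])
    return rec

def classify(rec):
    """Label a blocked TCP packet by its flags (labels are hypothetical)."""
    flags = set(rec["flags"])
    # A bare SYN is a real connection attempt being refused.
    if "S" in flags and "A" not in flags:
        return "new-connection"
    # Anything else arrived without a matching state entry, e.g. after
    # the session was already closed or its state had expired.
    if "R" in flags:
        return "out-of-state-reset"
    if "F" in flags:
        return "out-of-state-teardown"
    return "out-of-state-data"

def summarize(text):
    recs = [parse_fragment(l) for l in text.splitlines() if l.strip()]
    counts = Counter(classify(r) for r in recs)
    by_conn = {}
    for r in recs:  # group flag sequences per source/destination port pair
        by_conn.setdefault((r["src_port"], r["dst_port"]), []).append(r["flags"])
    return counts, by_conn

if __name__ == "__main__":
    counts, by_conn = summarize(SAMPLE)
    print(dict(counts))
    for conn, seen in by_conn.items():
        print(conn, seen)
```

None of the six pasted records carries a bare SYN, so none of them is a refused connection attempt; all are trailing data or FIN packets that matched no state entry.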