Project

General

Profile

Actions

Bug #901

closed

Squid "Don't filter for RFC1918" doesn't work for PPTP (patch included)

Added by Overand IRC-Priv about 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Squid
Target version:
-
Start date:
09/17/2010
Due date:
% Done:

20%

Estimated time:
Plus Target Version:
Affected Version:
1.2.3
Affected Plus Version:
Affected Architecture:

Description

NOTE this bug is filed against / patch is built against 2.7.8_1 - so if this is a dupe of a fixed bug, I apologize.

Squid can't "not filter" traffic coming in via the PPTP interfaces, per the RFC1918 checklist.

I've attached a patch for squid.inc that works in my situation, but it needs a few more checks - i.e. we only want tod o this if PPTP exists, and use the correct interface alias variable as defined in the code above.

Expected Behavior: PPTP clients can connect to RFC1918 addresses 'the same as' LAN-connected users.

Actual Behavior: All PPTP clients are proxied, as the "no rdr" rules generated only apply against the 'directly attached' interfaces.

Relevant section of /tmp/rules.debug (with the line my patch adds commented out ###)

# Setup Squid proxy redirect
no rdr on bge0 proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80
### no rdr on $pptp proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 } port 80
no rdr on bge0 proto tcp from { 192.168.1.11, 192.168.1.9, 192.168.1.92, 192.168.1.210, 192.168.1.253, 192.168.1.150, 192.168.1.160, 192.168.1.176, 192.168.1.
177, 192.168.1.178, 192.168.1.179, 192.168.1.180, 192.168.1.113 } to any port 80
rdr on bge0 proto tcp from any to !(bge0) port 80 -> 127.0.0.1 port 80
rdr on $pptp proto tcp from any to !127.0.0.1 port 80 -> 127.0.0.1 port 80

Files

squid-rdr-pptp-quick-0.1.patch (726 Bytes) squid-rdr-pptp-quick-0.1.patch Overand IRC-Priv, 09/17/2010 01:01 PM
Actions

Also available in: Atom PDF