iperf test with wanproxy
Juli Mallett
juli at clockworksquid.com
Tue Aug 20 16:44:19 PDT 2013
Thank you Iheanyi. Look at Diego's configs posted earlier today for a
similar setup or perhaps try having redsocks on a separate machine just as
a test? Good luck and thanks for being willing to report back.
On 2013-08-20, at 16:27, Iheanyi Obasi <iobasi at hotmail.com> wrote:
Yes there is certainly a possibility of a loop on the downstream end. I
will have to do some more tinkering to eventually pinpoint the culprit. For
now a firewall rule for WANProxy’s traffic is inevitable.
I will update on my findings for everyone’s benefit.
*From:* Juli Mallett [mailto:juli at clockworksquid.com<juli at clockworksquid.com>]
*Sent:* Tuesday, August 20, 2013 9:14 PM
*To:* iobasi
*Cc:* wanproxy at lists.wanproxy.org
*Subject:* Re: iperf test with wanproxy
Any chance that there's some kind of loop in redsocks? I wonder if you can
somehow exclude WANProxy's traffic from going through redsocks?
On Tue, Aug 20, 2013 at 1:10 PM, Iheanyi Obasi <iobasi at hotmail.com> wrote:
Thanks for the tip Juli.
So I have tried to be more thorough this time around and I can say one
thing – the iperf doesn’t work well on a SOCKS connection. When the
connection is initiated the SOCKS proxy keeps sending data to the iperf
server without returning output to the iperf client. I’m not sure why it
behaves this way but I will give it some more investigation when I have
more time.
The tests you asked me to carry out all turned out positive, from the
upstream server, I can curl urls through the SOCKS port on the upstream
server (not via 3302 but via 3301). I can also use the upstream SOCKS proxy
from my local computer.
A look at packet captures on the downstream proxy showed the bizarre
behaviour during iperf tests so I guess I’ll have to look for another way
to measure throughput with my socks proxies. Any tips will be appreciated.
Thanks again.
*From:* Juli Mallett [mailto:juli at clockworksquid.com]
*Sent:* Tuesday, August 20, 2013 8:56 AM
*To:* iobasi at hotmail.com
*Cc:* wanproxy at lists.wanproxy.org
*Subject:* Re: iperf test with wanproxy
First, as for simplifying, you can use references to other fields in your
config, which might simplify things, e.g. "set if2.port $peer0.port" or
similar.
Since you've already disabled the codecs (which means you won't get any
optimization, but is useful for testing), I'd suggest you go step-by-step
verifying that things work as expected.
So first, log in to 4.4.4.4, and use something to try making a socks
connection there via port 3302, e.g. curl with --socks5 or whatever.
Then try using 4.4.4.4:3301 as a socks proxy from your local system that's
running WANProxy. See if you can even reach it with netcat or telnet if
that doesn't work for some reason.
If that works, then I'd guess there's some problem with redsocks — does it
do any logging or could you turn any on? My first guess would be that it's
failing to authenticate properly since WANProxy doesn't support
authentication.
You may try passing -v to each WANProxy instance, and then see if WANProxy
logs anything.
Likewise, you could use tcpdump on each system to see what traffic is being
generated. You seem pretty comfortable with networking, but if you need
help with that let me and/or the list know.
Thanks,
Juli.
On Mon, Aug 19, 2013 at 11:48 PM, Iheanyi Obasi <iobasi at hotmail.com> wrote:
Hello,
This a great project. However, I have this strange thing that happens with
wanproxy. I can redirect my TCP sessions through it. However, when I
initiate an iperf test, it reaches the other end and then immediately
resets the connection. So all I end up getting for my SYN request is a RST
ACK. I am wondering if there is something wrong with my setup so I’m
posting it for someone to please raise a flag here. My topology looks like
this
LAN ---> SOCKS ---> WANPROXY CLIENT ---> WANPROXY SERVER (WITH SOCKS) ---->
INTERNET (IPERF SERVER)
I use the socks proxy to get many TCP ports through the proxy. I would
appreciate information about another way of doing this. So that’s the
topology, here are the wanproxy configs
CLIENT SOCKS PROXY
redsocks {
local_ip = 0.0.0.0;
local_port = 5001;
ip = 127.0.0.1;
port = 3300;
}
CLIENT CONFIG
create interface if0
set if0.family IPv4
set if0.host "127.0.0.1"
set if0.port "3300"
activate if0
create peer peer0
set peer0.family IPv4
set peer0.host "4.4.4.4"
set peer0.port "3301"
activate peer0
create proxy proxy0
set proxy0.type TCP-TCP
set proxy0.interface if0
set proxy0.interface_codec None
set proxy0.peer peer0
set proxy0.peer_codec None
activate proxy0
SERVER CONFIG
create interface if0
set if0.family IP
set if0.host "4.4.4.4"
set if0.port "3301"
activate if0
create peer peer0
set peer0.family IPv4
set peer0.host "localhost"
set peer0.port "3302"
activate peer0
create proxy proxy0
set proxy0.type TCP-TCP
set proxy0.interface if0
set proxy0.interface_codec None
set proxy0.peer peer0
set proxy0.peer_codec None
activate proxy0
create interface if2
set if2.family IPv4
set if2.host "localhost"
set if2.port "3302"
activate if2
create proxy-socks proxy-socks0
set proxy-socks0.interface if2
activate proxy-socks0
It feels like overkill to me so suggestions to simplify are welcome. Thank
you.
_______________________________________________
wanproxy mailing list
wanproxy at lists.wanproxy.org
http://lists.wanproxy.org/listinfo.cgi/wanproxy-wanproxy.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wanproxy.org/pipermail/wanproxy-wanproxy.org/attachments/20130820/2b3fcd3c/attachment-0002.htm>
More information about the wanproxy
mailing list