Re: [squid-users] Squid -2.6 with Tproxy

From: Angel Mieres <amieres@dont-contact.us>
Date: Fri, 11 Aug 2006 13:46:13 +0200

Sunil, im trying to do the same that you are trying, i patched iptables
1.3.5 & 1.3.4 and the problem persist.

Tino, have you work this succesfully? could you told me version have you
used?(i refer iptables, patch aplied, kernel used, patch tproxy used...)

Im using kernel 2.6.15.2 with balabit tproxy patch iptables 1.3.5 and
squid 2.6 STABLE2 and always squid debug mode show me the same that show
Sunil.

I think that my problem is on iptables version and his patch.

Regards,
Angel M.

> Your iptables patch not complete
> fc5 use iptables rpm source, you need iptables from tar.gz/bz source
> - uninstall the iptables rpm,
> - download tar.gz/bz source from netfilter.org
> - patch it with iptables-1.3-cttproxy.diff before ./configure
>
>
> rgds,
> Tino
>
> ----- Original Message -----
> From: "Sunil K.P." <sunil@hyperia.com>
> To: <squid-users@squid-cache.org>
> Sent: Friday, August 11, 2006 4:33 PM
> Subject: [squid-users] Squid -2.6 with Tproxy
>
>
> > Hi,
> >
> > I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
> > It is working fine in transparent mode.
> >
> > But I am trying to use Tproxy so that all the requests will spoofed to
> > show the clients IP address and not the cache server.
> > The patches have been applied to the kernel, compiled and applied as per
> > procedure.
> > After restarting the system the modules ipt_tproxy and ipt_TPROXY are
> > loaded.
> >
> > The problem starts when I apply the following iptables rule
> > iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
> > TPROXY --on-port 3128
> >
> > The traffic stops going thru the cache server. If the rule is removed
> > the traffic goes smoothly.
> > Cache.log shows the following error
> > tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
> >
> > There seems to be no proper documentation for implementation of tproxy
> > with squid on the net.
> > Pls. advice.
> >
> > Regards
> > Sunil
>

-- 
Angel Mieres - amieres@eneotecnologia.com       
///////////////////////////////////////// Gentoo has you...
Received on Fri Aug 11 2006 - 05:46:44 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT