Henrik,
The details:
>>1. Are you running a TPROXY kernel?
yes, we have tried running kernel 2.6.18 and 2.6.16 (following examples
in this list)
with the patches applyed.
lsmod | grep proxy
ipt_tproxy 1600 0
iptable_tproxy 15212 0
iptable_nat 7844 1 iptable_tproxy
ip_nat 17036 2 iptable_tproxy,iptable_nat
ip_conntrack 50264 3 iptable_tproxy,iptable_nat,ip_nat
ip_tables 12100 3
iptable_filter,iptable_tproxy,iptable_nat
x_tables 11876 5
ipt_TPROXY,ipt_tproxy,xt_tcpudp,iptable_nat,ip_tables
>>2. Have you started Squid as root?
Yes, i am running it manually and with ./RunCache. We have also tried it
starting it as a service, always with all privileges
>>3. Do you have appropriate tproxy iptables rules in place?
yes, weve tried all kind of rules, always implementing PREROUTING like
this one:
iptables -t tproxy -A PREROUTING -p tcp -m tcp -i gre0 --dport 80 -j
TPROXY --on-port 80
we are now discarting last options, like the MUST tcp_outgoing_address
(wich makes that clients times out while surfing)......but any clues are
welcome
-----Mensaje original-----
De: Henrik Nordstrom [mailto:henrik@henriknordstrom.net]
Enviado el: Jueves, 17 de Mayo de 2007 11:12 a.m.
Para: Nicolas Royo
CC: squid-users@squid-cache.org
Asunto: RE: [squid-users] Really transparent proxy
tor 2007-05-17 klockan 04:37 -0300 skrev Nicolas Royo:
> one more thing,
>
> with tproxy and via on i can see this in our syslog
>
> May 17 04:37:03 squid-RC9 squid[22653]: tproxy
> ip=201.235.156.xxx,0xc29cebc9,port=0 ERROR ASSIGN
So something is not quite right with your TPROXY setup.
1. Are you running a TPROXY kernel?
2. Have you started Squid as root?
3. Do you have appropriate tproxy iptables rules in place?
Regards
Henrik
Received on Thu May 17 2007 - 14:49:03 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT