[SQU] Squid 2.4.DEVEL4 on Linux 2.4 Transparent Proxy?

From: Evan Jones <ejones@dont-contact.us>
Date: Mon, 20 Nov 2000 17:28:57 -0500

Short question:

Can squid 2.4.DEVEL4 work as a transparent proxy on a Linux 2.4 kernel?

Long version:

I am trying to configure squid for Transparent proxying with a Linux 2.4
system. I cannot seem to get it to work, and I am not sure if it is my
configuration or if Squid cannot transparently proxy on Linux 2.4. Requests
are getting redirected to squid, but I get only "ERROR 503: Service
Unavailable" errors when I try to connect through it. Using squid as a
normal proxy works fine.

I have the following lines in my squid.conf:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Could this be because the way to obtain the "original" destination IP
address has changed for Linux 2.4? From a posting to the netfilter mailing
list, available at:
http://lists.samba.org/pipermail/netfilter/2000-November/005847.html

Within the new Linux netfilter framework, NAT functionality is cleanly
separated from the TCP/IP core processing. In old days, you could easily
retrieve the original destination (IP address and port) of a transparently
proxied connection by calling the normal getsockname() syscall.
With netfilter, getsockname() returns the real local IP address and port.
However, the netfilter code gives all TCP sockets a new socket option,
SO_ORIGINAL_DST, for retrieval of the original IP/port combination.

Thank you for your assistance.

-- 
Evan Jones - ejones@netwinder.org
Technology with Attitude - Rebel.com
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Mon Nov 20 2000 - 15:24:38 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:56:28 MST