Brian wrote:
> Yes, I checked that, and tried to compile with the support. I tried
> ipchains and also got the same results.
So what kernel are you using actually using?
Please note that using ipchains on Linux-2.4 then it is still netfilter
and thus still requires Squid to be compiled with support for netfilter.
The fact that it looks like the old ipchains does not make the kernel
implementation identical to ipchains on Linux-2.2, in fact there are
rather subtle differences, especially for traffic interception (REDIRECT
target).
> I will recheck everything. Been running squid for years under linux in
> transparent proxy mode. True, I am new to ipfilter, but I don't believe
> the config is wrong, but I will verify everything.
If you are using Linux-2.4 with iptables or any of the ipchains/ipfwadm
backward compability modules then Squid MUST be compiled with support
for netfiler, or it won't find the correct destination address on
requests not having a Host header. Support for Linux netfilter is only
available in Squid-2.4 or later. Squids earlier than Squid-2.4 requires
some patching for Linux netfilter support. (no, I do not have the
required patch)
If you are using Linux-2.2 with ipchains then no special compiletime
options is required. All the details of transparent proxying is "hidden"
by the kernel, making the application think that it can accept requests
for anyone (well.. actualy it can, so...)
Regards
Henrik Nordström
Squid Hacker
Received on Mon Oct 01 2001 - 16:24:44 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:35 MST