Re: [squid-users] Transparent proxy with tproxy from chima s on 2006-06-03 (squid-users)

From: chima s <chima.s@dont-contact.us>
Date: Sat, 3 Jun 2006 14:02:35 +0530

Hi,

What will be rule to redirect the port 80 traffic to sqiud with tproxy table.

I am using kernel-2.6.10 and iptables 1.3.3 and patched bith the
kernel and iptables utility, but still i am getting error if i apply
the rule

iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128
Unknown arg `--on-port'

iptables -t nat -A PREROUTING -j DNAT --to-dest 172.16.8.5 --to-port 3128
Unknown arg `--to-port'

Regards
Chima

On 6/2/06, Steven Wilton <swilton@q-net.net.au> wrote:
> The TPROXY_ASSIGN message is indicating that squid has asked the kernel to
> assign the client's ip address to the server-side connection, and the kernel
> has returned an error. The kernel needs to be patched with the kernel-side
> tproxy patch, otherwise this will always fail. Iptables must also be
> patched to support tproxy, and you must use the TPROXY iptables target, and
> "-t tproxy" (instead of the REDIRECT with "-t nat").
>
> These patches can be found at http://www.balabit.com/downloads/tproxy/
>
> These errors are not fatal, they just indicate that squid is not spoofing
> the client's ip address.
>
> Regards
>
> Steven
>
> > -----Original Message-----
> > From: chima s [mailto:chima.s@gmail.com]
> > Sent: Thursday, 1 June 2006 6:02 PM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Transparent proxy with tproxy
> >
> > Hi,
> >
> > I have configured transparent proxy wit tproxy,iptables. I have 2
> > problems in this setup
> >
> > First one is, i am getting the following msg in the cache log
> >
> > tproxy ip=192.168.5.1,0x18a0b1ca,port=0 ERROR ASSIGN
> >
> > can anybody encountered this error msg and what is the meaning of this
> > error msg and when it will come,
> >
> >
> > Second issue is after enabling the cache for 2 mins browsing is very
> > solw some times the page is not opening and after 2 mins browsing is
> > normal.
> >
> > Is it anything to do with cache or ip_conntrack?
> >
> > Thanks and Regards
> > Chima
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.394 / Virus Database: 268.8.0/353 - Release
> > Date: 31/05/2006
> >
> >
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.394 / Virus Database: 268.8.1/354 - Release Date: 1/06/2006
>
>
>
Received on Sat Jun 03 2006 - 02:32:38 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:01 MDT