RE: [squid-users] Transparent proxy with tproxy

From: Steven Wilton <swilton@dont-contact.us>
Date: Wed, 7 Jun 2006 08:07:09 +0800

If you're trying to specify a port, you must use '-p tcp' to tell iptables
which protocol you're referring to.

So you will want a rule similar to the following:
iptables -t tproxy -A PREROUTING -p tcp -j TPROXY --on-port 3128

Steven

> -----Original Message-----
> From: chima s [mailto:chima.s@gmail.com]
> Sent: Saturday, 3 June 2006 4:33 PM
> To: Steven Wilton
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Transparent proxy with tproxy
>
> Hi,
>
> What will be rule to redirect the port 80 traffic to squid
> with tproxy table.
>
> I am using kernel-2.6.10 and iptables 1.3.3 and patched both the
> kernel and iptables utility, but still I am getting error if I apply
> the rule
>
> iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128
> Unknown arg `--on-port'
>
> iptables -t nat -A PREROUTING -j DNAT --to-dest 172.16.8.5 --to-port 3128
> Unknown arg `--to-port'
>
> Regards
> Chima
>
> On 6/2/06, Steven Wilton <swilton@q-net.net.au> wrote:
> > The TPROXY_ASSIGN message is indicating that squid has asked the kernel to
> > assign the client's ip address to the server-side connection, and the kernel
> > has returned an error. The kernel needs to be patched with the kernel-side
> > tproxy patch, otherwise this will always fail. Iptables must also be
> > patched to support tproxy, and you must use the TPROXY iptables target, and
> > "-t tproxy" (instead of the REDIRECT with "-t nat").
> >
> > These patches can be found at http://www.balabit.com/downloads/tproxy/
> >
> > These errors are not fatal, they just indicate that squid is not spoofing
> > the client's ip address.
> >
> > Regards
> >
> > Steven
> >
> > > -----Original Message-----
> > > From: chima s [mailto:chima.s@gmail.com]
> > > Sent: Thursday, 1 June 2006 6:02 PM
> > > To: squid-users@squid-cache.org
> > > Subject: [squid-users] Transparent proxy with tproxy
> > >
> > > Hi,
> > >
> > > I have configured transparent proxy with tproxy, iptables. I have 2
> > > problems in this setup
> > >
> > > First one is, I am getting the following msg in the cache log
> > >
> > > tproxy ip=192.168.5.1,0x18a0b1ca,port=0 ERROR ASSIGN
> > >
> > > can anybody encountered this error msg and what is the meaning of this
> > > error msg and when it will come,
> > >
> > >
> > > Second issue is after enabling the cache for 2 mins browsing is very
> > > slow some times the page is not opening and after 2 mins browsing is
> > > normal.
> > >
> > > Is it anything to do with cache or ip_conntrack?
> > >
> > > Thanks and Regards
> > > Chima
> > >
> > > --
> > > No virus found in this incoming message.
> > > Checked by AVG Free Edition.
> > > Version: 7.1.394 / Virus Database: 268.8.0/353 - Release
> > > Date: 31/05/2006
> > >
> > >
> >
>

Received on Tue Jun 06 2006 - 18:07:15 MDT
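
The advice in the reply above (a port option needs a protocol match) can be checked mechanically before rules are loaded. The following is an added example, not part of the original thread or of squid/iptables: the function names are hypothetical, only tcp and udp are treated as port-bearing protocols, and it generalizes beyond the thread's `--on-port` to the standard `--dport`, `--sport` and `--to-ports` options. The sample rules are the two from the thread.

```shell
#!/bin/sh
# Added example: lint iptables rule lines for port options that appear
# without a "-p tcp" / "-p udp" protocol match.

# Return 0 if the rule uses an option that carries a port number.
uses_port_option() {
    case " $1 " in
        *" --on-port "*|*" --dport "*|*" --sport "*|\
        *" --destination-port "*|*" --source-port "*|*" --to-ports "*)
            return 0 ;;
    esac
    return 1
}

# Return 0 if the rule names a protocol that has ports (assumption: tcp/udp only).
has_port_proto() {
    case " $1 " in
        *" -p tcp "*|*" -p udp "*|*" --protocol tcp "*|*" --protocol udp "*)
            return 0 ;;
    esac
    return 1
}

# Return 1 (and report on stderr) when a port option lacks a protocol match.
check_rule() {
    if uses_port_option "$1" && ! has_port_proto "$1"; then
        echo "MISSING -p: $1" >&2
        return 1
    fi
    return 0
}

# Read rules from stdin, one per line; print the number of bad rules.
lint_rules() {
    bad=0
    while IFS= read -r rule; do
        [ -z "$rule" ] && continue
        check_rule "$rule" || bad=$((bad + 1))
    done
    echo "$bad"
}

# The rule from the question, then the corrected rule from the reply.
SAMPLE_RULES='iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128
iptables -t tproxy -A PREROUTING -p tcp -j TPROXY --on-port 3128'
printf '%s\n' "$SAMPLE_RULES" | lint_rules
```
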

This archive was generated by hypermail pre-2.1.9 : Sat Jul 01 2006 - 12:00:01 MDT