Re: [squid-users] Squid -2.6 with Tproxy

Your iptables patch not complete
fc5 use iptables rpm source, you need iptables from tar.gz/bz source
- uninstall the iptables rpm,
- download tar.gz/bz source from netfilter.org
- patch it with iptables-1.3-cttproxy.diff before ./configure
 

rgds,
Tino

----- Original Message -----
From: "Sunil K.P." <sunil@hyperia.com>
To: <squid-users@squid-cache.org>
Sent: Friday, August 11, 2006 4:33 PM
Subject: [squid-users] Squid -2.6 with Tproxy

> Hi,
>
> I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
> It is working fine in transparent mode.
>
> But I am trying to use Tproxy so that all the requests will spoofed to
> show the clients IP address and not the cache server.
> The patches have been applied to the kernel, compiled and applied as per
> procedure.
> After restarting the system the modules ipt_tproxy and ipt_TPROXY are
> loaded.
>
> The problem starts when I apply the following iptables rule
> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
> TPROXY --on-port 3128
>
> The traffic stops going thru the cache server. If the rule is removed
> the traffic goes smoothly.
> Cache.log shows the following error
> tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
>
> There seems to be no proper documentation for implementation of tproxy
> with squid on the net.
> Pls. advice.
>
> Regards
> Sunil
Received on Fri Aug 11 2006 - 04:01:58 MDT