Re: [squid-users] Squid -2.6 with Tproxy

From: tino <tino.kriswanto@dont-contact.us>
Date: Sun, 13 Aug 2006 10:23:05 +0700

Hi, sorry for the late reply.

I'm using FC4 and upgraded it to kernel 2.6.15.7, with
iptables-1.3.0.tar.bz2 from netfilter.org.
After patching with balabit iptables, ./configure & make, make sure
libipt_tproxy.so exists in /lib/iptables.
If it is not there, then you have to 'gcc' it manually from the iptables source you
extracted; check inside the folder at <iptables source>/extensions/

----- Original Message -----
From: "Angel Mieres" <amieres@eneotecnologia.com>
To: "tino" <tino.kriswanto@gmail.com>; <sunil@hyperia.com>;
<squid-users@squid-cache.org>
Sent: Friday, August 11, 2006 6:46 PM
Subject: Re: [squid-users] Squid -2.6 with Tproxy

> Sunil, I'm trying to do the same thing that you are trying; I patched iptables
> 1.3.5 & 1.3.4 and the problem persists.
>
> Tino, have you got this working successfully? Could you tell me which versions you
> used? (I mean iptables, patch applied, kernel used, tproxy patch used...)
>
> I'm using kernel 2.6.15.2 with the balabit tproxy patch, iptables 1.3.5 and
> squid 2.6 STABLE2, and squid debug mode always shows me the same as it shows
> Sunil.
>
> I think that my problem is in the iptables version and its patch.
>
> Regards,
> Angel M.
>
>> Your iptables patch is not complete.
>> FC5 uses the iptables rpm source; you need iptables from the tar.gz/bz source:
>> - uninstall the iptables rpm,
>> - download the tar.gz/bz source from netfilter.org
>> - patch it with iptables-1.3-cttproxy.diff before ./configure
>>
>>
>> rgds,
>> Tino
>>
>> ----- Original Message -----
>> From: "Sunil K.P." <sunil@hyperia.com>
>> To: <squid-users@squid-cache.org>
>> Sent: Friday, August 11, 2006 4:33 PM
>> Subject: [squid-users] Squid -2.6 with Tproxy
>>
>>
>> > Hi,
>> >
>> > I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
>> > It is working fine in transparent mode.
>> >
>> > But I am trying to use Tproxy so that all the requests will be spoofed to
>> > show the client's IP address and not the cache server's.
>> > The patches have been applied to the kernel, compiled and applied as
>> > per procedure.
>> > After restarting the system the modules ipt_tproxy and ipt_TPROXY are
>> > loaded.
>> >
>> > The problem starts when I apply the following iptables rule
>> > iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
>> > TPROXY --on-port 3128
>> >
>> > The traffic stops going thru the cache server. If the rule is removed
>> > the traffic goes smoothly.
>> > Cache.log shows the following error
>> > tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
>> >
>> > There seems to be no proper documentation for implementation of tproxy
>> > with squid on the net.
>> > Please advise.
>> >
>> > Regards
>> > Sunil
>>
> --
> Angel Mieres - amieres@eneotecnologia.com
> ///////////////////////////////////////// Gentoo has you...
>
>
Received on Sat Aug 12 2006 - 21:23:17 MDT
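
The two things this thread says must be in place before the TPROXY rule can work (libipt_tproxy.so under /lib/iptables, and the ipt_tproxy and ipt_TPROXY modules loaded) can be checked together. The script below is an added example, not part of the original messages; the function name and its two arguments (an alternate filesystem root and a module list in /proc/modules format) are assumptions made so the check can be run against a test tree.

```shell
#!/bin/sh
# Added example: preflight check for the pieces named in this thread.
# Hypothetical helper; arguments are assumptions:
#   $1 = filesystem root (default /)
#   $2 = file in /proc/modules format (default /proc/modules)
tproxy_preflight() {
    root="${1:-/}"
    modules="${2:-/proc/modules}"
    missing=0

    # Userspace iptables extension that must exist after building the
    # patched iptables source.
    lib="${root%/}/lib/iptables/libipt_tproxy.so"
    if [ -f "$lib" ]; then
        echo "ok: $lib"
    else
        echo "MISSING: $lib (build it from <iptables source>/extensions/)"
        missing=$((missing + 1))
    fi

    # Kernel modules reported as loaded after the kernel patch.
    # The names differ only by case, so the match must be case-sensitive.
    for mod in ipt_tproxy ipt_TPROXY; do
        # Each /proc/modules line starts with the module name and a space.
        if grep -q "^${mod} " "$modules" 2>/dev/null; then
            echo "ok: module $mod loaded"
        else
            echo "MISSING: module $mod not loaded"
            missing=$((missing + 1))
        fi
    done

    # Return status = number of missing pieces (0 means all present).
    return "$missing"
}

# Usage on a live system: tproxy_preflight; echo "missing pieces: $?"
```

A zero status only shows that the userspace library and both modules are present; it does not confirm that the library was built from the patched source.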
