Re: [squid-users] Squid -2.6 with Tproxy

From: Angel Mieres <amieres@dont-contact.us>
Date: Fri, 18 Aug 2006 14:08:00 +0200

Sorry, Sunil, for my late reply (I have problems with my internet
provider).

Of course I haven't been able to implement Tproxy. I'm using only sources
since the start, and everything looks like it compiles OK.

This is my procedure:
- I patch kernel 2.6.15.2 vanilla with balabit patch from
cttproxy-2.6.15-2.0.4.tar.gz
- modify my kernel adding TPROXY support.
- compiled & etc etc etc
- patch iptables sources 1.3.4, make KERNEL_DIR=... && make install
KERNEL_DIR=...
- On squid-2.6STABLE2... "./configure --enable-linux-tproxy
--enable-linux-netfilter && make all && make install" (if you have
problems in this step, copy <kernel_dir>/include/linux/netfilter_ipv4/ into
your /usr/include/linux/netfilter_ipv4/ )

When I try to run squid in tproxy mode... Meeeak! Error port assign 0!
I think I'm dreaming about this error every night xD; the error looks like
it's not able to spoof clients.

Can someone help us with this stuff?

On Wed, 16-08-2006 at 21:32 +0100, Sunil K.P. wrote:
> Hi Angel,
>
> Have you been able to implement Tproxy successfully?
>
> Regards
> Sunil
>
> Angel Mieres wrote:
> > Sunil, I'm trying to do the same thing you are trying; I patched iptables
> > 1.3.5 & 1.3.4 and the problem persists.
> >
> > Tino, have you gotten this working successfully? Could you tell me which
> > versions you used? (I mean iptables, patch applied, kernel used, tproxy patch used...)
> >
> > I'm using kernel 2.6.15.2 with the balabit tproxy patch, iptables 1.3.5 and
> > squid 2.6 STABLE2, and squid debug mode always shows me the same thing it
> > shows Sunil.
> >
> > I think that my problem is in the iptables version and its patch.
> >
> > Regards,
> > Angel M.
> >
> >
> >> Your iptables patch is not complete.
> >> fc5 uses the iptables rpm source; you need iptables from the tar.gz/bz source
> >> - uninstall the iptables rpm,
> >> - download tar.gz/bz source from netfilter.org
> >> - patch it with iptables-1.3-cttproxy.diff before ./configure
> >>
> >>
> >> rgds,
> >> Tino
> >>
> >> ----- Original Message -----
> >> From: "Sunil K.P." <sunil@hyperia.com>
> >> To: <squid-users@squid-cache.org>
> >> Sent: Friday, August 11, 2006 4:33 PM
> >> Subject: [squid-users] Squid -2.6 with Tproxy
> >>
> >>
> >>
> >>> Hi,
> >>>
> >>> I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
> >>> It is working fine in transparent mode.
> >>>
> >>> But I am trying to use Tproxy so that all the requests will be spoofed to
> >>> show the client's IP address and not the cache server.
> >>> The patches have been applied to the kernel, compiled and applied as per
> >>> procedure.
> >>> After restarting the system the modules ipt_tproxy and ipt_TPROXY are
> >>> loaded.
> >>>
> >>> The problem starts when I apply the following iptables rule
> >>> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
> >>> TPROXY --on-port 3128
> >>>
> >>> The traffic stops going thru the cache server. If the rule is removed
> >>> the traffic goes smoothly.
> >>> Cache.log shows the following error
> >>> tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
> >>>
> >>> There seems to be no proper documentation for implementation of tproxy
> >>> with squid on the net.
> >>> Please advise.
> >>>
> >>> Regards
> >>> Sunil
> >>>
>

-- 
Angel Mieres - amieres@eneotecnologia.com
///////////////////////////////////////// Gentoo has you...
Received on Fri Aug 18 2006 - 06:08:34 MDT
