Re: [squid-users] Squid -2.6 with Tproxy

From: tino <tino.kriswanto@dont-contact.us>
Date: Sat, 19 Aug 2006 08:51:43 +0700

Have you tried my last hints?
I'm using FC4, then upgraded it to kernel 2.6.15.7 (did you use FC5? Then
it could be some problem to downgrade from the original 2.6.16 to 2.6.15?) &
patch cttproxy-2.6.15-2.0.4.tar.gz

iptables-1.3.0.tar.bz2 from netfilter.org (first I was using 1.3.4 & 5, which
were not working)

After patching with balabit iptables, ./configure & make

Make sure libipt_tproxy.so exists in /lib/iptables.

If it is not there, then you have to 'gcc' it manually from the iptables source
you extracted; check inside the folder at <iptables source>/extensions/

regards,
Tino

----- Original Message -----
From: "Angel Mieres" <amieres@eneotecnologia.com>
To: "Sunil K.P." <sunil@hyperia.com>
Cc: <squid-users@squid-cache.org>
Sent: Friday, August 18, 2006 7:08 PM
Subject: Re: [squid-users] Squid -2.6 with Tproxy

> Sorry Sunil for my late reply (I have problems with my internet
> provider)
>
> Of course I haven't been able to implement Tproxy; I'm using only sources
> since the start and everything looks like it compiles OK.
>
> This is my procedure:
> - I patch kernel 2.6.15.2 vanilla with balabit patch from
> cttproxy-2.6.15-2.0.4.tar.gz
> - modify my kernel adding TPROXY support.
> - compiled & etc etc etc
> - patch iptables sources 1.3.4, make KERNEL_DIR=... && make install
> KERNEL_DIR=...
> - On squid-2.6STABLE2... "./configure --enable-linux-tproxy
> --enable-linux-netfilter && make all && make install" (if in this step
> you have problems copy <kernel_dir>/include/linux/netfilter_ipv4/ into
> your /usr/include/linux/netfilter_ipv4/ )
>
> When I try to run squid in tproxy mode... Meeeak! Error port assign 0!
> I think I'm dreaming about this error every night xD; the error looks like
> it's not able to spoof clients.
>
> Can someone help us with this stuff?
>
>
>
> On Wed, 16-08-2006 at 21:32 +0100, Sunil K.P. wrote:
>> Hi Angel,
>>
>> Have you been able to implement Tproxy successfully?
>>
>> Regards
>> Sunil
>>
>> Angel Mieres wrote:
>> > Sunil, I'm trying to do the same thing you are trying; I patched iptables
>> > 1.3.5 & 1.3.4 and the problem persists.
>> >
>> > Tino, have you got this working successfully? Could you tell me which
>> > versions you used? (I mean iptables, patch applied, kernel used, tproxy
>> > patch used...)
>> >
>> > I'm using kernel 2.6.15.2 with balabit tproxy patch iptables 1.3.5 and
>> > squid 2.6 STABLE2, and squid debug mode always shows me the same as it
>> > shows Sunil.
>> >
>> > I think that my problem is in the iptables version and its patch.
>> >
>> > Regards,
>> > Angel M.
>> >
>> >
>> >> Your iptables patch is not complete.
>> >> FC5 uses the iptables rpm source; you need iptables from the tar.gz/bz source
>> >> - uninstall the iptables rpm,
>> >> - download tar.gz/bz source from netfilter.org
>> >> - patch it with iptables-1.3-cttproxy.diff before ./configure
>> >>
>> >>
>> >> rgds,
>> >> Tino
>> >>
>> >> ----- Original Message -----
>> >> From: "Sunil K.P." <sunil@hyperia.com>
>> >> To: <squid-users@squid-cache.org>
>> >> Sent: Friday, August 11, 2006 4:33 PM
>> >> Subject: [squid-users] Squid -2.6 with Tproxy
>> >>
>> >>
>> >>
>> >>> Hi,
>> >>>
>> >>> I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
>> >>> It is working fine in transparent mode.
>> >>>
>> >>> But I am trying to use Tproxy so that all the requests will be spoofed
>> >>> to show the client's IP address and not the cache server.
>> >>> The patches have been applied to the kernel, compiled and applied as
>> >>> per procedure.
>> >>> After restarting the system the modules ipt_tproxy and ipt_TPROXY are
>> >>> loaded.
>> >>>
>> >>> The problem starts when I apply the following iptables rule
>> >>> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128
>> >>>
>> >>> The traffic stops going thru the cache server. If the rule is removed
>> >>> the traffic goes smoothly.
>> >>> Cache.log shows the following error
>> >>> tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
>> >>>
>> >>> There seems to be no proper documentation for implementation of
>> >>> tproxy with squid on the net.
>> >>> Pls. advise.
>> >>>
>> >>> Regards
>> >>> Sunil
>> >>>
>>
> --
> Angel Mieres - amieres@eneotecnologia.com
> ///////////////////////////////////////// Gentoo has you...
>
Received on Fri Aug 18 2006 - 19:53:07 MDT
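
A preflight check for the items this thread names (libipt_tproxy.so in /lib/iptables, the ipt_tproxy and ipt_TPROXY modules, and the two squid configure options), as an added example that is not part of the original messages. The function names are hypothetical; it assumes `squid -v` prints the configure options and that /proc/modules lists each loaded module's name in its first field.

```shell
#!/bin/sh
# Added example: preflight checks for the TPROXY build discussed in this thread.
# Function names are assumptions of this example, not part of squid or iptables.
# Usage: tproxy_preflight /lib/iptables /proc/modules "$(squid -v)"

# 1. The iptables userspace extension must exist in the extension directory.
have_tproxy_lib() {
    dir=${1:-/lib/iptables}
    [ -f "$dir/libipt_tproxy.so" ]
}

# 2. Both kernel modules named in the thread must be loaded.
#    $1: a file in /proc/modules format (module name is the first field).
have_tproxy_modules() {
    modfile=${1:-/proc/modules}
    for m in ipt_tproxy ipt_TPROXY; do
        # Exact, case-sensitive match: the two names differ only in case.
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$modfile" \
            || return 1
    done
}

# 3. Squid must have been configured with both options used in the thread.
#    $1: the text printed by `squid -v`.
squid_has_tproxy() {
    for opt in --enable-linux-tproxy --enable-linux-netfilter; do
        case "$1" in
            *"$opt"*) ;;
            *) return 1 ;;
        esac
    done
}

# Run all three checks, print each failure, return the number of failures.
tproxy_preflight() {
    fails=0
    have_tproxy_lib "$1" \
        || { echo "missing: libipt_tproxy.so in ${1:-/lib/iptables}"; fails=$((fails + 1)); }
    have_tproxy_modules "$2" \
        || { echo "missing: ipt_tproxy and ipt_TPROXY are not both loaded"; fails=$((fails + 1)); }
    squid_has_tproxy "$3" \
        || { echo "missing: squid lacks the tproxy/netfilter configure options"; fails=$((fails + 1)); }
    return "$fails"
}
```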

This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT