[squid-users] Help on Squid-2.6.STABLE15 with Tproxy-4.0.1

From: Arun S <hi2arun@dont-contact.us>
Date: Tue, 11 Sep 2007 12:43:05 +0530

Hi List,

I hope I could get some help here related to configuring Squid-2.6
with Tproxy-4.0.1 support.

My setup is like this:

20.20.20.2          20.20.20.1          192.168.1.12             192.168.1.15
WebUser ------------------ SquidProxy+Tproxy-------------------- WWWServer

I want to provide transparency to both WebUser and WWWserver as well,
so that Squid can do caching by giving a feel that WebUser is
connected directly with WWWServer without any proxies in between.

I managed to get this setup working with Cttproxy-2.6.18-2.0.6 patch.

Now I moved to Tproxy-4.0.1 to do POSTROUTING in NAT table.

I am using Squid version 2.6-STABLE15 on FC5 linux kernel v 2.6.18.1
patched with tproxy-4.0.1-ubuntu-2.6.17-12.39.

In squid.conf, I have enabled Transparent proxy support by adding
http_port 3128 tproxy transparent
tcp_outgoing_address 192.168.1.12

Also, TPROXY rule was added using iptables:
iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 3128

When handling a request, Squid throws an error: "tproxy
ip=20.20.20.2,0x2141414,port=0 ERROR ASSIGN".

This was fine with cttproxy-2.6.18-2.0.6 patch.

By walking through the code, I understood that setsockopt handler part
is removed from Tproxy version 4.0.0 and above. And TPROXY is doing
only the job of redirecting the traffic to squid proxy and not taking
care of spoofing IP/SNAT.

Please correct me if my understanding is wrong on this.

How can I achieve IP spoofing using Squid + Tproxy v4.0.1?

Thanks in advance.

-- 
Regards,
Arun S.
Received on Tue Sep 11 2007 - 01:13:13 MDT
