RE: [squid-users] TPROXY but without bridging?

From: <admin@dont-contact.us>
Date: Sat, 29 Mar 2008 11:03:01 +0100 (CET)

Hello,

But that is a description of tproxy2; for new kernels >2.6.22 there are
patches for tproxy-4 and tproxy-4.1. Squid is compatible with tproxy2
only, so I downloaded patches for squid 2.6-stable18 (for tproxy-4.1 from
http://people.balabit.hu/panther/tproxy/).

Look here: https://lists.balabit.hu/pipermail/tproxy/2008-February/000705.html

On Sat, March 29 2008, 03:27, Sunin Thaveethamsavee wrote:
> I followed every step via this link
> http://web.suffieldacademy.org/ils/netadmin/docs/software/squid/ and
> everything works fine.
>
> -----Original Message-----
> From: admin@abp.pl [mailto:admin@abp.pl]
> Sent: Saturday, March 29, 2008 4:04 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] TPROXY but without bridging?
>
> Hello,
>
> I'm using Squid Cache: Version 2.6.STABLE18
>
> Is there a possibility to use it as a fully transparent proxy (with tproxy) but
> without bridging interfaces?
>
> My topology:
>
> [router 0]---[Internet]
> |
> |
> [===switch=======================]
> | | |
> [squid] [ router a ][ router b ] .....
>
> Clients are connected to routers a, b, ... On those routers I have DNAT
> --to-destination squid:80
>
> On the squid machine I have a 2.6.25-rc7 kernel and Squid with patches from
> http://people.balabit.hu/panther/tproxy/.
>
> And:
> iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
> --tproxy-mark 0x1/0x1 --on-port 3128
> iptables -t mangle -N DIVERT
> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> iptables -t mangle -A DIVERT -j MARK --set-mark 1
> iptables -t mangle -A DIVERT -j ACCEPT
> ip rule add fwmark 1 lookup 100
> ip route add local 0.0.0.0/0 dev lo table 100
>
> squid.conf:
> ..
> http_port 3128 transparent tproxy
> tcp_outgoing_address [machine ip]
> ..
>
> When I test this configuration, web servers log connections from clients
> from routers a, b, ... with the IP of the squid machine. So tproxy doesn't work.
>
> Can I fix it?
>
> PS. It's urgent for me, please help;)
> Regards,
> Tomasz
>
>

-- 
Tomasz Kolaj
Network administrator
ABP Computer
Received on Sat Mar 29 2008 - 04:06:16 MDT
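
The setup quoted above only works when the TPROXY mark, the mark set in the DIVERT chain, the `ip rule` fwmark and the routing table number all agree. The script below is an added example, not part of the original message or of the tproxy or Squid projects; it lints such a setup script read from stdin, and the names `check_tproxy`, `word_after` and `sample` are hypothetical.

```shell
#!/bin/sh
# Lint a TPROXY setup script read from stdin: the packet marks and the
# routing table named in the iptables/ip commands must agree.

# word_after OPTION TEXT: print the word that follows OPTION (first match)
word_after() {
    printf '%s\n' "$2" | sed -n "s/.*$1 \([^ ]*\).*/\1/p" | head -n 1
}

check_tproxy() {
    rc=0
    # read without -r joins backslash-continued lines
    cmds=$(while read line || [ -n "$line" ]; do printf '%s\n' "$line"; done)
    tproxy=$(printf '%s\n' "$cmds" | sed -n '/-j TPROXY/p')
    port=$(word_after '--on-port' "$tproxy")
    tmark=$(word_after '--tproxy-mark' "$tproxy"); tmark=${tmark%%/*}
    chain=$(word_after '-m socket -j' "$cmds")
    smark=$(word_after "-A $chain -j MARK --set-mark" "$cmds")
    rule=$(printf '%s\n' "$cmds" | sed -n '/^ip rule add/p')
    fwmark=$(word_after 'fwmark' "$rule")
    lookup=$(word_after 'lookup' "$rule")
    route=$(printf '%s\n' "$cmds" | sed -n '/^ip route add local/p')
    table=$(word_after 'table' "$route")
    for v in port tmark chain smark fwmark lookup table; do
        eval "val=\$$v"
        [ -n "$val" ] || { echo "missing: $v"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    [ $(($tmark)) -eq $(($smark)) ] || { echo "TPROXY mark $tmark, $chain sets $smark"; rc=1; }
    [ $(($smark)) -eq $(($fwmark)) ] || { echo "$chain sets mark $smark, ip rule matches $fwmark"; rc=1; }
    [ "$lookup" = "$table" ] || { echo "ip rule uses table $lookup, local route is in $table"; rc=1; }
    return $rc
}

# Constructed sample modelled on the commands in the post (an assumption).
sample() {
    cat <<'EOF'
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
  --tproxy-mark 0x1/0x1 --on-port 3128
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
EOF
}

sample | check_tproxy && echo "sample: consistent"
```

The check only reads the commands as text; it does not touch the running netfilter or routing state, and it only confirms that `--on-port` is present rather than comparing it with `http_port` in squid.conf.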