RE: [squid-users] squid 2.6, wccp and tproxy

 
That is interesting to note, and part of where my problem lies. Given
the way the files are marked on the balabit site, I would not have known
of the support versions and differences. I just downloaded the patches
for the versions of squid, iptables, and kernel I was using.

During the setup of the software, so far anyway, I have not seen ways to
specify the version of Tproxy, etc. The initial tproxy README file I was
using must have been an older version because it didn't use the
difference in iptables table names that the newer README mentions, and
that someone was gracious enough to point out to me on the TPROXY
listserv.

Once I get Tproxy working, I would love to contribute docs to the squid
project.

On the Tproxy enabled system I have now, which is the same unit as my
working WCCP/Squid 2.6 boxes now, WCCP does not seem to be redirecting
traffic to the squid box. I am sure it is something I have done wrong,
and will figure out, but I wanted to be sure the end result was possible
before spending more time on the project.

I am currently using the following for my TPROXY setup:

CentOS 5.1 x86_64
Squid 2.6 STABLE 18 (custom compiled)
iptables 1.4.0 (custom compiled)
kernel 2.6.25.4 (custom compiled)
tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch

BTW - to Henrik, I was aware of a websense piece that ran on a
linux/windows based Squid box running squid 2.5. The issues I currently
have with that are:

1) Is the squid agent free to enterprise users? (I posed this question
to our sales rep)
2) Does it support Squid 2.6, or only 2.5.
3) Does it truly change the reporting such that original client Ips can
be seen, or does it just fetch enforcement policies?

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Thursday, May 29, 2008 7:12 AM
To: Ritter, Nicholas
Cc: Adrian Chadd; squid-users_at_squid-cache.org
Subject: Re: [squid-users] squid 2.6, wccp and tproxy

Ritter, Nicholas wrote:
> In websense the client IP addresses that show up are those of the
squid boxes I have deployed. Websense does not utilize, as far as I
know, the x-forwarded-for header.
>
> The doc on squid-cache.org about how to setup TPROXY with squid is a
bit out of date because the latest version of tproxy uses the mangle
table and not a tproxy table.
>

The docs as far as we know are correct for all current releases of
Squid.
Unpatched Squid up to 3.1 still require TPROXY v2.2, so far only
3-HEAD/3.1 has proper integrated support for TPROXY v4+

If you have any updates for the wiki regarding the TPROXYv4 configs for
when 3.1 is released, please point out the variations.

Amos

> Nick
>
>
> -----Original Message-----
> From: Adrian Chadd [mailto:adrian_at_creative.net.au]
> Sent: Wed 5/28/2008 4:52 PM
> To: Ritter, Nicholas
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] squid 2.6, wccp and tproxy
>
> On Wed, May 28, 2008, Ritter, Nicholas wrote:
>> Can tproxy, squid 2.6, and wccp be used together?
>
> Yes.
>
>> I want to work around the hiding of the original client ip because it

>> is breaking websense. Any suggestions/comments?
>
> What do you mean?
>
>
>> Nick
>

--
Please use Squid 2.7.STABLE1 or 3.0.STABLE6