RE: [squid-users] squid 2.6, wccp and tproxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 30 May 2008 16:05:36 +1200 (NZST)

>
> That is interesting to note, and part of where my problem lies. Given
> the way the files are marked on the balabit site, I would not have known
> of the support versions and differences. I just downloaded the patches
> for the versions of squid, iptables, and kernel I was using.

So you have the Balabit 2.6s18 patch mentioned at
 http://wiki.squid-cache.org/Features/TproxyUpdate

>
> During the setup of the software, so far anyway, I have not seen ways to
> specify the version of Tproxy, etc. The initial tproxy README file I was
> using must have been an older version because it didn't use the
> difference in iptables table names that the newer README mentions, and
> that someone was gracious enough to point out to me on the TPROXY
> listserv.

It's a little bit tricky at present. Balabit no longer supports v2.2 and I
don't know if/where one would get the necessary patches.

Squid-2 performs detection at configure time with --enable-tproxy to see
if its supported tproxy method is available, disabling tproxy support and
warning if it's not. The configure log, I believe, should tell you if it
succeeded or failed.

Unless you are able to use the old version, I don't think it will succeed
though. You may need to migrate to 3-HEAD; it's beta testing code, but
stable enough for light use.

Amos

>
> Once I get Tproxy working, I would love to contribute docs to the squid
> project.
>
> On the Tproxy enabled system I have now, which is the same unit as my
> working WCCP/Squid 2.6 boxes now, WCCP does not seem to be redirecting
> traffic to the squid box. I am sure it is something I have done wrong,
> and will figure out, but I wanted to be sure the end result was possible
> before spending more time on the project.
>
> I am currently using the following for my TPROXY setup:
>
> CentOS 5.1 x86_64
> Squid 2.6 STABLE 18 (custom compiled)
> iptables 1.4.0 (custom compiled)
> kernel 2.6.25.4 (custom compiled)
> tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
> tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
> tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch
>
>
> BTW - to Henrik, I was aware of a websense piece that ran on a
> linux/windows based Squid box running squid 2.5. The issues I currently
> have with that are:
>
> 1) Is the squid agent free to enterprise users? (I posed this question
> to our sales rep)
> 2) Does it support Squid 2.6, or only 2.5.
> 3) Does it truly change the reporting such that original client IPs can
> be seen, or does it just fetch enforcement policies?
>
>
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Thursday, May 29, 2008 7:12 AM
> To: Ritter, Nicholas
> Cc: Adrian Chadd; squid-users_at_squid-cache.org
> Subject: Re: [squid-users] squid 2.6, wccp and tproxy
>
> Ritter, Nicholas wrote:
>> In websense the client IP addresses that show up are those of the
>> squid boxes I have deployed. Websense does not utilize, as far as I
>> know, the x-forwarded-for header.
>>
>> The doc on squid-cache.org about how to set up TPROXY with squid is a
>> bit out of date because the latest version of tproxy uses the mangle
>> table and not a tproxy table.
>>
>
> The docs as far as we know are correct for all current releases of
> Squid.
> Unpatched Squid up to 3.1 still require TPROXY v2.2, so far only
> 3-HEAD/3.1 has proper integrated support for TPROXY v4+
>
> If you have any updates for the wiki regarding the TPROXYv4 configs for
> when 3.1 is released, please point out the variations.
>
> Amos
>
>> Nick
>>
>>
>> -----Original Message-----
>> From: Adrian Chadd [mailto:adrian_at_creative.net.au]
>> Sent: Wed 5/28/2008 4:52 PM
>> To: Ritter, Nicholas
>> Cc: squid-users_at_squid-cache.org
>> Subject: Re: [squid-users] squid 2.6, wccp and tproxy
>>
>> On Wed, May 28, 2008, Ritter, Nicholas wrote:
>>> Can tproxy, squid 2.6, and wccp be used together?
>>
>> Yes.
>>
>>> I want to work around the hiding of the original client ip because it
>>> is breaking websense. Any suggestions/comments?
>>
>> What do you mean?
>>
>>
>>> Nick
>>
>
>
> --
> Please use Squid 2.7.STABLE1 or 3.0.STABLE6
>
>
Received on Fri May 30 2008 - 04:05:42 MDT
