Re: [squid-users] squid 2.6, wccp and tproxy

For a very light use... Even a single PC would experience
problems with squid 3.1 and TPROXY 4.1... I switched back
to 2.6.20.21+cttproxy and squid 2.6STAB-20 for a time
being.

On Friday 30 May 2008 09:05, Amos Jeffries wrote:
> > That is interesting to note, and part of where my
> > problem lies. Given the way the files are marked on the
> > balabit site, I would not have known of the support
> > versions and differences. I just downloaded the patches
> > for the versions of squid, iptables, and kernel I was
> > using.
>
> So you have the Balabit 2.6s18 patch mentioned at
> http://wiki.squid-cache.org/Features/TproxyUpdate
>
> > During the setup of the software, so far anyway, I have
> > not seen ways to specify the version of Tproxy, etc.
> > The initial tproxy README file I was using must have
> > been an older version because it didn't use the
> > difference in iptables table names that the newer
> > README mentions, and that someone was gracious enough
> > to point out to me on the TPROXY listserv.
>
> It's a little bit tricky at present, Balabit no longer
> support v2.2 and I don't know if/where one would get the
> necessary patches.
>
> Squid-2 performs detection at configure time with
> --enable-tproxy to see if its supported tproxy method is
> available, disabling tproxy support and warns if its not.
> The configure log I believe should tell you if it was
> successful or failed.
>
> Unless you able to use the old version, I don't think it
> will succeed though. You may need to migrate to 3-HEAD,
> its beta testing code, but stable enough for light use.
>
> Amos
>
> > Once I get Tproxy working, I would love to contribute
> > docs to the squid project.
> >
> > On the Tproxy enabled system I have now, which is the
> > same unit as my working WCCP/Squid 2.6 boxes now, WCCP
> > does not seem to be redirecting traffic to the squid
> > box. I am sure it is something I have done wrong, and
> > will figure out, but I wanted to be sure the end result
> > was possible before spending more time on the project.
> >
> > I am currently using the following for my TPROXY setup:
> >
> > CentOS 5.1 x86_64
> > Squid 2.6 STABLE 18 (custom compiled)
> > iptables 1.4.0 (custom compiled)
> > kernel 2.6.25.4 (custom compiled)
> > tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
> > tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
> > tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.pa
> >tch
> >
> >
> > BTW - to Henrik, I was aware of a websense piece that
> > ran on a linux/windows based Squid box running squid
> > 2.5. The issues I currently have with that are:
> >
> > 1) Is the squid agent free to enterprise users? (I
> > posed this question to our sales rep)
> > 2) Does it support Squid 2.6, or only 2.5.
> > 3) Does it truly change the reporting such that
> > original client Ips can be seen, or does it just fetch
> > enforcement policies?
> >
> >
> >
> > -----Original Message-----
> > From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> > Sent: Thursday, May 29, 2008 7:12 AM
> > To: Ritter, Nicholas
> > Cc: Adrian Chadd; squid-users_at_squid-cache.org
> > Subject: Re: [squid-users] squid 2.6, wccp and tproxy
> >
> > Ritter, Nicholas wrote:
> >> In websense the client IP addresses that show up are
> >> those of the
> >
> > squid boxes I have deployed. Websense does not utilize,
> > as far as I know, the x-forwarded-for header.
> >
> >> The doc on squid-cache.org about how to setup TPROXY
> >> with squid is a
> >
> > bit out of date because the latest version of tproxy
> > uses the mangle table and not a tproxy table.
> >
> >
> > The docs as far as we know are correct for all current
> > releases of Squid.
> > Unpatched Squid up to 3.1 still require TPROXY v2.2, so
> > far only 3-HEAD/3.1 has proper integrated support for
> > TPROXY v4+
> >
> > If you have any updates for the wiki regarding the
> > TPROXYv4 configs for when 3.1 is released, please point
> > out the variations.
> >
> > Amos
> >
> >> Nick
> >>
> >>
> >> -----Original Message-----
> >> From: Adrian Chadd [mailto:adrian_at_creative.net.au]
> >> Sent: Wed 5/28/2008 4:52 PM
> >> To: Ritter, Nicholas
> >> Cc: squid-users_at_squid-cache.org
> >> Subject: Re: [squid-users] squid 2.6, wccp and tproxy
> >>
> >> On Wed, May 28, 2008, Ritter, Nicholas wrote:
> >>> Can tproxy, squid 2.6, and wccp be used together?
> >>
> >> Yes.
> >>
> >>> I want to work around the hiding of the original
> >>> client ip because it
> >>>
> >>> is breaking websense. Any suggestions/comments?
> >>
> >> What do you mean?
> >>
> >>> Nick
> >
> > --
> > Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Received on Mon Jun 02 2008 - 05:21:00 MDT