Re: [squid-users] TPROXY4, squid-2.6.18, and kernel 2.6.25.14 doesn't work

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 15 Sep 2008 18:20:51 +1200

johan firdianto wrote:
> Dear all,
> Any experience using the new TPROXY4?
> I already compiled the kernel (2.6.25.14) with tproxy4, and
> patched squid-2.6.18 and iptables 1.4.
>
> [root@cachebox squid2.6.stable.18]# ip rule
> 0: from all lookup local
> 32764: from all fwmark 0x1/0x1 lookup 100
> 32765: from all fwmark 0x1 lookup 100
> 32766: from all lookup main
> 32767: from all lookup default
>
>
> [root@cachebox squid2.6.stable.18]# ip route show table 100
> local default dev lo scope host
>
> [root@cachebox squid2.6.stable.18]# iptables -t mangle -L -xvn
> Chain PREROUTING (policy ACCEPT 2462105 packets, 1395331335 bytes)
>     pkts      bytes target  prot opt in  out  source     destination
>     1474      91248 DIVERT  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    socket
>   279100   37919535 TPROXY  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0    tcp dpt:80 TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1
>
> Chain INPUT (policy ACCEPT 8575 packets, 558014 bytes)
>     pkts      bytes target  prot opt in  out  source     destination
>
> Chain FORWARD (policy ACCEPT 2884819 packets, 1455715086 bytes)
>     pkts      bytes target  prot opt in  out  source     destination
>
> Chain OUTPUT (policy ACCEPT 9871 packets, 3045490 bytes)
>     pkts      bytes target  prot opt in  out  source     destination
>
> Chain POSTROUTING (policy ACCEPT 2894692 packets, 1458760640 bytes)
>     pkts      bytes target  prot opt in  out  source     destination
>
> Chain DIVERT (1 references)
>     pkts      bytes target  prot opt in  out  source     destination
>     1462      90432 MARK    all  --  *   *    0.0.0.0/0  0.0.0.0/0    MARK set 0x1
>     1454      89968 ACCEPT  all  --  *   *    0.0.0.0/0  0.0.0.0/0
>
> [root@cachebox squid2.6.stable.18]# sbin/squid -v
> Squid Cache: Version 2.6.STABLE18
> configure options: '--prefix=/usr/local/squid2.6.stable.18'
> '--enable-gnuregex' '--enable-carp' '--with-pthreads' '--with-aio'
> '--with-dl' '--enable-delay-pools' '--enable-useragent-log'
> '--enable-referer-log' '--enable-htcp' '--enable-arp-acl'
> '--enable-cache-digests' '--enable-linux-netfilter'
> '--enable-truncate' '--enable-underscores' '--enable-stacktraces'
> '--enable-x-accelerator-vary'
> '--enable-basic-auth-helpers=MSNT,NCSA,YP,getpwnam'
> '--enable-external-acl-helpers=ip_user,unix_group,wbinfo_group'
> '--enable-auth=basic,ntlm' '--disable-ident-lookups'
> '--enable-follow-x-forwarded-for' '--enable-large-cache-files'
> '--enable-async-io' '--with-maxfd=2048000' '--enable-epoll'
> '--enable-snmp' '--enable-removal-policies=heap,lru'
> '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl'
> '--with-openssl=/usr/kerberos' '--disable-dependency-tracking'
> '--with-large-files'
>
> But when I check in access.log, no traffic comes.
>
>
> [root@cachebox squid2.6.stable.18]# squidclient mgr:active_requests
> HTTP/1.0 200 OK
> Server: squid/2.6.STABLE18
> Date: Mon, 15 Sep 2008 03:25:38 GMT
> Content-Type: text/plain
> Expires: Mon, 15 Sep 2008 03:25:38 GMT
> Last-Modified: Mon, 15 Sep 2008 03:25:38 GMT
> X-Cache: MISS from cachebox.sldm.net
> X-Cache-Lookup: MISS from cachebox.sldm.net:3128
> Proxy-Connection: close
>
> Connection: 0x97cb098
> FD 43, read 70, wrote 0
> FD desc: cache_object://localhost/active_requests
> in: buf 0x97e3148, offset 0, size 4096
> peer: 127.0.0.1:38205
> me: 127.0.0.1:3128
> nrequests: 1
> defer: n 0, until 0
> uri cache_object://localhost/active_requests
> log_type TCP_MISS
> out.offset 0, out.size 0
> req_sz 70
> entry 0x97e5500/6253C1F43059CF9CC59F0A560EBE707F
> old_entry (nil)/N/A
> start 1221449138.803287 (0.000000 seconds ago)
> username -
> delay_pool 0
>
> [root@cachebox squid2.6.stable.18]#
>
> In squid.conf, already defined:
> http_port 3128 tproxy transparent
>
> Any suggestions?
> Should I downgrade to tproxy version 2?
> Thanks.

No, Squid 3-HEAD code has TPROXYv4 support integrated.

Just note the two patches very recently found, detailed just above the
squid configuration details at:
   http://wiki.squid-cache.org/Features/Tproxy4

NP: the build options that stand out as different for 3.x are:

--with-maxfd=2048000
  NOW: --with-filedescriptors=2048000

--enable-storeio=aufs,coss,diskd,null,ufs
  DROP: null (integrated), coss (broken on 3.x), diskd (slow on linux)

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9
Received on Mon Sep 15 2008 - 06:21:07 MDT
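
Added example, not part of the original messages: a shell check that the pieces shown in the quoted output agree with each other (TPROXY rule port and mark, DIVERT mark, `ip rule` fwmark lookup, local default route via lo, and the squid http_port). The function names are hypothetical, the sample text is constructed from the post with mail line-wraps rejoined, and marks are compared as strings.

```shell
#!/bin/sh
# Added example (not from the thread): offline consistency check of the TPROXY
# pieces quoted in the post. Inputs are plain text, so it works on saved output.
# Constructed samples: copied from the quoted output, line-wraps rejoined.
SAMPLE_RULES='0: from all lookup local
32764: from all fwmark 0x1/0x1 lookup 100
32765: from all fwmark 0x1 lookup 100
32766: from all lookup main'
SAMPLE_ROUTES='local default dev lo scope host'
SAMPLE_MANGLE='1474 91248 DIVERT tcp -- * * 0.0.0.0/0 0.0.0.0/0 socket
279100 37919535 TPROXY tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TPROXY redirect 0.0.0.0:3128 mark 0x1/0x1
1462 90432 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
1454 89968 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0'

# Print the routing table that `ip rule` text ($1) selects for fwmark $2.
table_for_mark() {
    printf '%s\n' "$1" | awk -v m="$2" '{
        hit = 0; t = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") { split($(i + 1), a, "/"); if (a[1] == m) hit = 1 }
            if ($i == "lookup") t = $(i + 1)
        }
        if (hit && t != "") { print t; exit }
    }'
}

# Print "port mark" from the TPROXY rule in `iptables -t mangle -L -xvn` text.
tproxy_target() {
    printf '%s\n' "$1" |
        sed -n 's/.*TPROXY redirect [^:]*:\([0-9]*\) mark \([^/ ]*\).*/\1 \2/p' | head -n 1
}

# check_tproxy RULES ROUTES MANGLE SQUID_PORT: print OK or the first mismatch.
check_tproxy() {
    target=$(tproxy_target "$3")
    [ -n "$target" ] || { echo "no TPROXY rule in mangle table"; return 1; }
    port=${target% *}; mark=${target#* }
    [ "$port" = "$4" ] || { echo "TPROXY port $port != http_port $4"; return 1; }
    printf '%s\n' "$3" | grep -Eq ' DIVERT .* socket *$' ||
        { echo "no socket-match rule jumping to DIVERT"; return 1; }
    printf '%s\n' "$3" | grep -q "MARK set $mark *\$" ||
        { echo "DIVERT does not set mark $mark"; return 1; }
    table=$(table_for_mark "$1" "$mark")
    [ -n "$table" ] || { echo "no ip rule for fwmark $mark"; return 1; }
    printf '%s\n' "$2" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)' ||
        { echo "table $table has no local default route via lo"; return 1; }
    echo "OK: mark $mark -> table $table -> lo, TPROXY port $port"
}

check_tproxy "$SAMPLE_RULES" "$SAMPLE_ROUTES" "$SAMPLE_MANGLE" 3128
```

On a live box the same function can be fed `"$(ip rule)"`, `"$(ip route show table 100)"` and `"$(iptables -t mangle -L -xvn)"`; a passing result only shows the rules are mutually consistent, not that the kernel and Squid patches are in place.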
