Re: [squid-users] Please give a solution - Tproxy from adnan on 2009-05-04 (squid-users)

From: adnan <adnan_at_citechco.net>
Date: Tue, 5 May 2009 09:49:47 +0600

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: "Monzur Md.. Alam" <monzur_at_citechco.net>
Cc: <squid-users_at_squid-cache.org>
Sent: Monday, May 04, 2009 7:19 PM
Subject: Re: [squid-users] Please give a solution - Tproxy

> Monzur Md.. Alam wrote:
>> Dear all,
>>
>> I have gone the the procedure as described at the following URL
>> URL:
>> http://wiki.squid-cache.org/Features/Tproxy4#head-f17bb712222beeb0aa083f02237aad6fdfaa1be2
>>
>> I have successfully complied kernel:2.6.28.1 and iptables:1.4.3 with
>> tproxy:2.6.25-20080519-165031-1211208631.tar.bz2
>>
>
> What is "tproxy:2.6.25-20080519-165031-1211208631.tar.bz2" ??
> It's not part of the Squid TPROXY v4 tools that I know of.

He (Monzur) means, tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2,
for the support of
NF_CONNTRACK
NETFILTER_TPROXY
NETFILTER_XT_MATCH_SOCKET
NETFILTER_XT_TARGET_TPROXYabove feature in the kernel we patched above
"tproxy-kernelxxx" patch to the kernel.Do you think we should avoid
tproxy-kernel patch for TPROXY v4? If so, how can we will getNF_CONNTRACK,
NETFILTER_TPROXY, NETFILTER_XT_MATCH_SOCKET, NETFILTER_XT_TARGET_TPROXY in
thekernel?> > >> Now when I run following ipables commands, all the
commands>> running without any problem except....>> >> iptables 1.4.3
Configuration>> iptables -t mangle -A PREROUTING -p tcp -m socket -j
DIVERT>> >> and error messege shown:>> >> [root_at_hpproxy ~]# iptables -t
mangle -A PREROUTING -p tcp -m socket -j DIVERT>> iptables: No
chain/target/match by that name. Run `dmesg' for more information.
>> [root_at_hpproxy ~]#
>
> Something is missing from your iptables. Possibly the kernel is not built
> with all the new TPROXY options or has not loaded the right modules.
> Follow its advice and run dmesg to find out more details.
>

When we run the command without "-m socket" it's run without error. Can you
please write which
thing are missing in the kernel or iptables software?
Is this command or option "-m socket" is mandotary to run Squid with Tproxy
support?

Very best regards,

Adnan
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
> Current Beta Squid 3.1.0.7
Received on Tue May 05 2009 - 03:49:58 MDT

This archive was generated by hypermail 2.2.0 : Tue May 05 2009 - 12:00:01 MDT