Re: [squid-users] Please give a solution - Tproxy

Dear Amos,
Thank you to your suggestion. We have a successfully patching
tproxy-iptables and tproxy-kernel. Then how can i configured WCCP
configuration in L4 WCCPv2 with GRE interface in my Linux box. It's also
mention that we have used Centos 5.2 and Squid v3.1.

thanks
Monzur
----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: "adnan" <adnan_at_citechco.net>
Cc: "Monzur Md.. Alam" <monzur_at_citechco.net>; <squid-users_at_squid-cache.org>
Sent: Tuesday, May 05, 2009 7:31 PM
Subject: Re: [squid-users] Please give a solution - Tproxy

> adnan wrote:
>>
>> ----- Original Message ----- From: "Amos Jeffries" <squid3_at_treenet.co.nz>
>> To: "Monzur Md.. Alam" <monzur_at_citechco.net>
>> Cc: <squid-users_at_squid-cache.org>
>> Sent: Monday, May 04, 2009 7:19 PM
>> Subject: Re: [squid-users] Please give a solution - Tproxy
>>
>>
>>> Monzur Md.. Alam wrote:
>>>> Dear all,
>>>>
>>>> I have gone the the procedure as described at the following URL
>>>> URL:
>>>> http://wiki.squid-cache.org/Features/Tproxy4#head-f17bb712222beeb0aa083f02237aad6fdfaa1be2
>>>>
>>>> I have successfully complied kernel:2.6.28.1 and iptables:1.4.3 with
>>>> tproxy:2.6.25-20080519-165031-1211208631.tar.bz2
>>>>
>>>
>>> What is "tproxy:2.6.25-20080519-165031-1211208631.tar.bz2" ??
>>> It's not part of the Squid TPROXY v4 tools that I know of.
>>
>> He (Monzur) means,
>> tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2, for the support
>> of
>> NF_CONNTRACK
>> NETFILTER_TPROXY
>> NETFILTER_XT_MATCH_SOCKET
>> NETFILTER_XT_TARGET_TPROXYabove feature in the kernel we patched above
>> "tproxy-kernelxxx" patch to the kernel.Do you think we should avoid
>> tproxy-kernel patch for TPROXY v4?
>
> Ah you said you had kernel 2.6.28.
> That is a patch for 2.6.25 kernel _only_.
>
> There is no patching needed for kernel 2.6.28, which is why its listed
> on the wiki page as recommended minimum version.
>
>
> If so, how can we will
>> getNF_CONNTRACK, NETFILTER_TPROXY, NETFILTER_XT_MATCH_SOCKET,
>> NETFILTER_XT_TARGET_TPROXY in thekernel?
>
> During normal confugure + build sequence of the kernel they should appear
> somewhere in the netfilter or iptabels sections of the configure.
>
> If you have that patch in your 2.6.28, you will need to rebuild without
> any breakage it may have caused. Thats a good time to do a reconfigure
> from clean kernel source.
>
>
>> > >> Now when I run following
>> ipables commands, all the commands>> running without any problem
>> except....>> >> iptables 1.4.3 Configuration>> iptables -t mangle -A
>> PREROUTING -p tcp -m socket -j DIVERT>> >> and error messege shown:>> >>
>> [root_at_hpproxy ~]# iptables -t mangle -A PREROUTING -p tcp -m socket -j
>> DIVERT>> iptables: No chain/target/match by that name. Run `dmesg' for
>> more information.
>>>> [root_at_hpproxy ~]#
>>>
>>> Something is missing from your iptables. Possibly the kernel is not
>>> built with all the new TPROXY options or has not loaded the right
>>> modules. Follow its advice and run dmesg to find out more details.
>>>
>>
>> When we run the command without "-m socket" it's run without error. Can
>> you please write which
>> thing are missing in the kernel or iptables software?
>
> The versions listed on the Squid wiki page are missing nothing important.
> Should work with vanilla code no patches. Only a kernel and Squid
> configuration settings needed during build.
>
>> Is this command or option "-m socket" is mandotary to run Squid with
>> Tproxy support?
>
> Yes it is. Using the correct versions of software and not patching will
> fix this issue for you.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
> Current Beta Squid 3.1.0.7
Received on Wed May 06 2009 - 09:52:56 MDT