Re: [squid-users] tproxy4, squid-2.7.stable6 doesnt work on centos 2.6.30

From: Visolve Squid Team <squid_at_visolve.com>
Date: Mon, 05 Oct 2009 10:21:28 +0530

Johan,

You have missed '--enable-linux-netfilter' option when installing squid.
You should use http_port tproxy transparent and do not use
tcp_outgoing_address in the squid.conf.

Before compiling squid, please make sure libcap-dev is installed.

Thanks
ViSolve Squid Team

johan firdianto wrote:
> dear guys,
>
> anybody here has experience implement tproxy 4 ( based on patch comes
> from visolve.com) on squid 2.7 stable 6?.
> here my configure option
> '--prefix=/usr/local/squid-tproxy' '--enable-gnuregex' '--enable-carp'
> '--with-pthreads' '--with-aio' '--with-dl' '--enable-useragent-log'
> '--enable-referer-log' '--enable-htcp' '--enable-arp-acl'
> '--enable-cache-digests' '--enable-truncate' '--enable-stacktraces'
> '--enable-x-accelerator-vary'
> '--enable-basic-auth-helpers=MSNT,NCSA,YP,getpwnam'
> '--enable-external-acl-helpers=ip_user,unix_group,wbinfo_group'
> '--enable-removal-policies=lru,heap' '--enable-auth=basic,ntlm'
> '--disable-ident-lookups' '--enable-follow-x-forwarded-for'
> '--enable-large-cache-files' '--enable-async-io'
> '--with-maxfd=2048000' '--enable-linux-tproxy' '--enable-epoll'
> '--enable-snmp' '--enable-removal-policies=heap,lru'
> '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl'
> '--with-openssl=/usr/kerberos' '--disable-dependency-tracking'
> '--with-large-files' '--enable-default-hostsfile=/etc/hosts'
>
> I already put http_port tproxy transparent in squid.conf, and also put
> IP of squid at tcp_outgoing_address option.
> no error in compiling squid, but when I dump the packet, the squid /
> linux doesn't spoof the IP. It use the squid box IP address rathern
> than client IP address.
> I still can browse normally, but the system doesn't spoof the IP.
> When I use tproxy4 on squid 3.1, it works.
> any clue ?
>
> Thanks.
>
> Johan
>
>
>
Received on Mon Oct 05 2009 - 04:49:53 MDT

This archive was generated by hypermail 2.2.0 : Mon Oct 05 2009 - 12:00:02 MDT