<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:10pt"><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;">Hello there!</div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><br></div><div style="background-color: transparent;"><font face="arial, helvetica, sans-serif" size="2">I'm trying to install squid with TPROXY support. I'm using CentOS 6.4 (64-bit) with kernel version </font><span style="background-color: transparent;"><font face="arial, helvetica, sans-serif" size="2">2.6.32-358.el6.x86_64 and iptables version 4.1.7</font></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><span style="background-color: transparent;"><br></span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 10pt;"><span style="background-color: transparent;">I've followed the instructions in </span><a
href="http://wiki.squid-cache.org/Features/Tproxy4" style="background-color: transparent;">http://wiki.squid-cache.org/Features/Tproxy4</a><span style="background-color: transparent;"> but unfortunately connecting to any website from a client with Chrome browser fails with this error: </span><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><span style="color: rgb(119, 119, 119); font-family: Helvetica, Arial, sans-serif; line-height: 18px;">Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.</span><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style:
normal;">When trying to telnet squid on port 80, I get a connection but the connection is closed once I hit any key! <span style="background-color: transparent;">I think packets are being redirected to squid successfully because if I stop squid, there would be no connections at all. </span><span style="background-color: transparent;">Do you have any idea of what might be the reason?</span></div><div style="font-family: arial, helvetica, sans-serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;"><br></div><div style="font-family: arial, helvetica, sans-serif; font-size: 13px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal;">Another question, I have checked that my current kernel was already built with those options:</div><div style="background-color: transparent;"><font face="arial, helvetica, sans-serif" size="2">NF_CONNTRACK=m</font></div><div style="background-color:
transparent;"><font face="arial, helvetica, sans-serif" size="2">NETFILTER_TPROXY=m</font></div><div style="background-color: transparent;"><font face="arial, helvetica, sans-serif" size="2">NETFILTER_XT_MATCH_SOCKET=m</font></div><div style="background-color: transparent;"><font face="arial, helvetica, sans-serif" size="2">NETFILTER_XT_TARGET_TPROXY=m</font></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-size: 13px; font-family: arial, helvetica, sans-serif; font-style: normal;"><br></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal;"><font size="2">Do I still have to recompile it with patches from </font><a href="http://www.balabit.com/downloads/files/tproxy/">http://www.balabit.com/downloads/files/tproxy/</a>?</div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style:
normal;"><span style="font-size: 13px; background-color: transparent;">There are no patches available for this current version. What about iptables? Do I need to patch it?</span><br></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal;"><span style="background-color: transparent; font-size: 13px;"><br></span></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal; font-size: 13px;"><span style="background-color: transparent; font-size: 13px;">My last question is: the TPROXY target in the mangle table is not supposed to change anything in the packet header, so how would the packets with the TPROXY target be redirected to --on-port if the IP header is untouched?!</span><br></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal;"><span
style="font-size: 13px;"><br></span></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal;"><span style="font-size: 13px;">Thanks a lot for your help!</span></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal; font-size: 13px;"><span style="font-size: 13px;"><br></span></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal; font-size: 13px;"><span style="font-size: 13px;">Best regards,</span></div><div style="background-color: transparent; color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-style: normal;"><span style="font-size: 13px;">Firas</span></div></div></body></html>