Hi Zul, I do not have a patch for 2.6.19 version of kernel with me. If I find time, I will get it for you. But it should be a straight forward change. You can manually do the changes in the file iptable_tproxy.c and place the changes at appropriate location. On 12/10/2007, zulkarnain <sizulku@yahoo.com> wrote:
Hi Arun,
I my kernel-2.6.19.7 with your patch and seemed it won't work. I got this messages below and I attached you iptable_tproxy.c.rej
[root@squid linux]# patch -p1 -i ../07-linux_aircell_tproxy.patch patching file include/linux/netfilter_ipv4/ip_tproxy.h patching file net/ipv4/netfilter/ip_tables.c Hunk #7 succeeded at 245 (offset -2 lines). patching file net/ipv4/netfilter/iptable_tproxy.c Hunk #1 succeeded at 43 with fuzz 2 (offset -2 lines). Hunk #2 FAILED at 145. Hunk #3 succeeded at 120 with fuzz 2 (offset -79 lines). Hunk #4 FAILED at 647. Hunk #5 succeeded at 831 (offset -4 lines). Hunk #6 succeeded at 798 (offset -79 lines). Hunk #7 succeeded at 896 (offset -4 lines). Hunk #8 succeeded at 837 (offset -79 lines). Hunk #9 FAILED at 916. patch unexpectedly ends in middle of line Hunk #10 succeeded at 993 with fuzz 1 (offset -34 lines). 3 out of 10 hunks FAILED -- saving rejects to file net/ipv4/netfilter/iptable_tproxy.c.rej [root@squid linux]#
Do you have a patch that work with kernel-2.6.19.7? Any help would be great. Thanks!
Regards, Zul
----- Original Message ---- From: Arun S <hi2arun@gmail.com> To: zulkarnain <sizulku@yahoo.com> Cc: Tproxy <tproxy@lists.balabit.hu> Sent: Friday, October 12, 2007 6:40:52 AM Subject: Re: [tproxy] Tproxy changes for performing dual NAT
Hi Zul,
Here are the steps to be followed:
1. Apply Cttproxyv2.0.6 to linux kernel v2.6.18
2. Apply the given patch for dual NAT
3. Compile the kernel as usual with TPROXY support enabled.
4. Run Squid (I have tested it with Squid v 2.6) with tproxy related options enabled.
5. Add TPROXY rule to redirect HTTP packets: e.g.: iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 3128 [Assuming Squid proxy listens on port 3128]
6. Add POSTROUTING rule for performing SNAT. e.g. Say LAN network is 192.168.1.0/24, iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to <Src IP>
Please let me know of any issues along with the kernel version , Squid version, iptables rules and your test setup.
____________________________________________________________________________________ Don't let your dream ride pass you by. Make it a reality with Yahoo! Autos. http://autos.yahoo.com/index.html
-- Regards, Arun S.