admin@abp.pl wrote:
> Laszlo Attila Toth said that the problem is with the squid patch.
> So now we need to ask who is able to fix the tproxy-4.1 patch to squid 2.6? I'm right, aren't I?
I have included my version of the squid-2.6 patch. It is not meant to be THE patch; use at your own risk, as I have no intention of supporting or maintaining it. Since I did not patch the autoconfigure, you would need to configure it this way (for example):

    ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h=yes \
    ac_cv_header_sys_capability_h=yes ./configure \
      --enable-linux-tproxy \
      --enable-linux-netfilter \
      ......

> I don't want to have another server between the routers. I'm fighting with DoS attacks (viruses, etc.) and I'm afraid that the processor on the squid machine may not handle the thousands of interrupts generated during attacks.
> Better for me is a standalone and more resistant server.
> On my router0 during an "attack", in top I sometimes have over 80-90% for ksoftirqd/0 (I have Intel pci-e 82572EI and 82573V cards).
There is a good chance to use tproxy without a bridge, but there is an additional route table needed on router0 - to handle the return path - at least! You did not show us that you have handled this return path routing on router0 in your previous posts. Cheers.