People,

With this advice from Anton I have made some changes. As I could not find Squid-3.1 I used Squid-3HEAD and, for my surprise, using --enable-linux-netfilter it enables "transparent tproxy" feature.

I will try to make this new compilation using kernel-2.6.25 becouse my test was using 2.6.24.7 (as Anton said).

Hope for this all to function...

Anton escreveu: 
Nataniel, look more carefully at your setup, and I advice to 
use 2.6.24 kernel (2.6.25 TPROXY (no blame at the TPROXY 
patch - since plain 2.6.25 may hang to - just not tried!) 
patched was silently hanging on the same PC after 1-3 hours 
of working) - I've got it working with squid 3.1 and 
iptables 1.4.x - though list time I tryed there was some 
issues, which supposely fixed in the latest TPROXY patch to 
2.6.24 kernel - but definitelly everything compiles and 
works, specificially in the very light load.


On Thursday 19 June 2008 17:28, Nataniel Klug wrote:
  
No luck using tproxy4.

Nataniel Klug escreveu:
    
Laszlo,

Nope... Same error as before. I have a file named
xt_TPROXY that was compiled with kernel but I this the
software is not reading it. I will try with tproxy4
option again.

[root@cache sbin]# ./squid -D
FATAL: Bungled squid.conf line 1: http_port 3128
transparent tproxy Squid Cache (Version 3.0.STABLE6):
Terminated abnormally. CPU Usage: 0.004 seconds = 0.003
user + 0.001 sys Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

[root@cache sbin]# vi ../etc/squid.conf

[root@cache sbin]# ./squid -D
FATAL: Bungled squid.conf line 1: http_port 3128 tproxy
Squid Cache (Version 3.0.STABLE6): Terminated
abnormally. CPU Usage: 0.005 seconds = 0.002 user +
0.003 sys Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

Laszlo Attila Toth escreveu:
      
Nataniel Klug wrote:
        
    Laszlo,

    No use. I compiled with this options:
-----------------------------------------------------
------------------- make clean
./configure --enable-storeio=aufs,diskd,ufs
--enable-removal-policies=heap,lru
--enable-delay-pools --enable-snmp
--enable-default-err-language=Portuguese
--enable-poll --enable-netfilter --with-pthreads
--with-filedescriptors=16384
          
Hm, sorry, but I always miss this option, correctly
this is: --enable-linux-netfilter. Could you try with
it? ^^^^^^^

I hope this is enough for a working configuration. I
tested with enabling nefilter and nothing else...
        

  

-- 
Att,

NATANIEL KLUG
nata@cnett.com.br

LEIA O DIA-A-DIA DO NATA
http://nataklug.blogspot.com/

Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290

"... também os sábios possuem coração tangível e podem, por vezes, usar da ciência como meio de demonstrar impressões sentimentais de que muitos não os julgam suscetíveis."
Visconde de Taunay