Laszlo, Thanks for the help. I will need some advices to configure the system but this is another history... ;) Laszlo Attila Toth escreveu:
Hi,
Nataniel Klug wrote:
People,
With this advice from Anton I have made some changes. As I could not find Squid-3.1 I used Squid-3HEAD and, for my surprise, using --enable-linux-netfilter it enables "transparent tproxy" feature.
Squid-3 head is also called as Squid-3.1. I don't know the exact versioning of squid.
I will try to make this new compilation using kernel-2.6.25 becouse my test was using 2.6.24.7 (as Anton said).
I will forward port of the kernel patches to 2.6.25 and 2.6.26 and test when I'll have time for it. But first I have to eliminate a problem related to the tproxy that it doesn't work if the interface is in bridge mode (br0, etc). This issue occurs on each versions of tproxy4 (4.0 and 4.1). The 4.0 branch is used internally in our product but my assumption is that when I fix the 4.0, I can find a solution for 4.1, too. Now I have no idea why it goes wrong with a bridge: TPROXY target (and iptables/netfilter) doesn't receive any packets.
-- Att, NATANIEL KLUG nata@cnett.com.br LEIA O DIA-A-DIA DO NATA http://nataklug.blogspot.com/ Cyber Nett - Internet Banda Larga www.cnett.com.br (42) 3635-2957 Rua Diogo Pinto, 1046, Centro Laranjeiras do Sul - PR Brasil - 85301-290 "... também os sábios possuem coração tangível e podem, por vezes, usar da ciência como meio de demonstrar impressões sentimentais de que muitos não os julgam suscetíveis." Visconde de Taunay