> However Squid doesn't seem to be able to spoof the original IP:

> tproxy needs CAP_NET_ADMIN. Which you do not have when running in unprivileged mode. And running in privileged mode (root) is inhibited by squid.

> Did anyone get squid+cttproxy to work on a bridge? What am I missing?

> Something that gives your squid user the CAP_NET_ADMIN capability.
Doesn't this do it (squid 2.6, tools.c)? I added a debug message and it's printed during init, however I still get the ERROR ASSIGN messages.

    #if LINUX_TPROXY
        if (need_linux_tproxy) {
            cap_user_header_t head = (cap_user_header_t) xcalloc(1, sizeof(cap_user_header_t));
            cap_user_data_t cap = (cap_user_data_t) xcalloc(1, sizeof(cap_user_data_t));

            head->version = _LINUX_CAPABILITY_VERSION;
            head->pid = 0;      /* 0 = the calling process */
            /* same three capabilities in the inheritable, permitted and effective sets */
            cap->inheritable = cap->permitted = cap->effective = (1 << CAP_NET_ADMIN) + (1 << CAP_NET_BIND_SERVICE) + (1 << CAP_NET_BROADCAST);
            if (capset(head, cap) != 0) {
                xfree(head);
                xfree(cap);
                fatal("Error giving up capabilities");
            }
            debug(50,0) ("Caps set to %x",cap->effective);
            xfree(head);
            xfree(cap);
        }
    #endif
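
An added example, not part of the original message and not Squid's code: a minimal Linux sketch of what the reply asks for, i.e. a process that starts as root, switches to an unprivileged user and still holds CAP_NET_ADMIN, plus a capget-based check of the effective set. The function names (`tproxy_mask`, `has_cap`, `effective_caps`, `drop_root_keep_caps`) are hypothetical; it assumes a kernel with version 3 capability structures.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* The three capabilities the posted code asks for (all numbered below 32). */
uint32_t tproxy_mask(void) {
    return (1u << CAP_NET_ADMIN) | (1u << CAP_NET_BIND_SERVICE) | (1u << CAP_NET_BROADCAST);
}

int has_cap(uint32_t set, int cap) { return (int)((set >> cap) & 1u); }

/* Header and data are real structs here, so sizeof is the struct size. */
static void cap_init(struct __user_cap_header_struct *h,
                     struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3]) {
    memset(h, 0, sizeof(*h));
    memset(d, 0, sizeof(d[0]) * _LINUX_CAPABILITY_U32S_3);
    h->version = _LINUX_CAPABILITY_VERSION_3;   /* pid 0 = calling thread */
}

/* Read the effective set (low 32 bits) of the calling thread; 0 on success. */
int effective_caps(uint32_t *out) {
    struct __user_cap_header_struct h;
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    cap_init(&h, d);
    if (syscall(SYS_capget, &h, d) != 0) return -1;
    *out = d[0].effective;
    return 0;
}

/* Hypothetical helper: start as root, end as uid/gid holding only `mask`. */
int drop_root_keep_caps(uid_t uid, gid_t gid, uint32_t mask) {
    struct __user_cap_header_struct h;
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    if (prctl(PR_SET_KEEPCAPS, 1L) != 0) return -1;  /* keep permitted set across setuid */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    cap_init(&h, d);
    d[0].permitted = d[0].effective = mask;  /* setuid cleared the effective set; raise it again */
    if (syscall(SYS_capset, &h, d) != 0) return -1;
    return prctl(PR_SET_KEEPCAPS, 0L);
}

int main(void) {   /* diagnostic only: report whether this process can use tproxy */
    uint32_t eff;
    if (effective_caps(&eff) != 0) { perror("capget"); return 1; }
    printf("effective=0x%x CAP_NET_ADMIN=%s\n", (unsigned)eff,
           has_cap(eff, CAP_NET_ADMIN) ? "yes" : "no");
    return 0;
}
```

The inheritable set is left empty on purpose, so the capabilities are not passed on to helper programs the process executes.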