Hello,

I had been struggling for almost a month trying to make tproxy + Squid + Wccp work for me but all my effort gives me only

"2007/05/28 11:50:30| tproxy ip=xxx.xxx.xxx.xxx,0x2e11c87a,port=0 ERROR ASSIGN".

And I can only see my squid ip with www.dnsstuff.com & www.tracert.com.

Please can anyone help me with the correct method & steps to make it work for me?

Regards
Rajesh

-----Original Message-----
From: tproxy-bounces@lists.balabit.hu [mailto:tproxy-bounces@lists.balabit.hu] On Behalf Of tproxy-request@lists.balabit.hu
Sent: Sunday, May 27, 2007 3:30 PM
To: tproxy@lists.balabit.hu
Subject: tproxy Digest, Vol 23, Issue 5

Send tproxy mailing list submissions to
	tproxy@lists.balabit.hu

To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.balabit.hu/mailman/listinfo/tproxy
or, via email, send a message with subject or body 'help' to
	tproxy-request@lists.balabit.hu

You can reach the person managing the list at
	tproxy-owner@lists.balabit.hu

When replying, please edit your Subject line so it is more specific than "Re: Contents of tproxy digest..."

Today's Topics:

   1. Re: The future of tproxy (Jan Engelhardt)
   2. Re: The future of tproxy (Igmar Palsenberg)
   3. Re: The future of tproxy (Jan Engelhardt)
   4. Re: The future of tproxy (Balazs Scheidler)

----------------------------------------------------------------------

Message: 1
Date: Sat, 26 May 2007 21:16:38 +0200 (MEST)
From: Jan Engelhardt <jengelh@linux01.gwdg.de>
Subject: Re: [tproxy] The future of tproxy
To: Balazs Scheidler <bazsi@balabit.hu>
Cc: Nicholas George <nick.george@gmail.com>, tproxy@lists.balabit.hu
Message-ID: <Pine.LNX.4.61.0705262114160.7344@yvahk01.tjqt.qr>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On May 26 2007 07:36, Balazs Scheidler wrote:
>> What are your future plans for TPROXY? I noticed that there's no plan for NAT in ipv6tables, so are you looking to move away from a NAT approach? Are you considering migrating towards Network Channels?
>
> We definitely want to move away from NAT, and we don't plan to migrate towards network channels. (at least for now).

But how is one supposed to fake addresses then?
-- most prominent case: squid

Jan
-- 

------------------------------

Message: 2
Date: Sat, 26 May 2007 22:32:06 +0200 (CEST)
From: Igmar Palsenberg <maillist@jdimedia.nl>
Subject: Re: [tproxy] The future of tproxy
To: Jan Engelhardt <jengelh@linux01.gwdg.de>
Cc: Balazs Scheidler <bazsi@balabit.hu>, Nicholas George <nick.george@gmail.com>, tproxy@lists.balabit.hu
Message-ID: <Pine.LNX.4.64.0705262231210.30518@jdi.jdi-ict.nl>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

>> We definitely want to move away from NAT, and we don't plan to migrate towards network channels. (at least for now).
>
> But how is one supposed to fake addresses then?

By bind()'ing to the remote address, like the way it was done in the Linux 2.2 days.

Igmar

------------------------------

Message: 3
Date: Sat, 26 May 2007 22:45:19 +0200 (MEST)
From: Jan Engelhardt <jengelh@linux01.gwdg.de>
Subject: Re: [tproxy] The future of tproxy
To: Igmar Palsenberg <maillist@jdimedia.nl>
Cc: Balazs Scheidler <bazsi@balabit.hu>, Nicholas George <nick.george@gmail.com>, tproxy@lists.balabit.hu
Message-ID: <Pine.LNX.4.61.0705262244270.7344@yvahk01.tjqt.qr>
Content-Type: TEXT/PLAIN; charset=US-ASCII

On May 26 2007 22:32, Igmar Palsenberg wrote:
>>> We definitely want to move away from NAT, and we don't plan to migrate towards network channels. (at least for now).
>>
>> But how is one supposed to fake addresses then?
>
> By bind()'ing to the remote address, like the way it was done in the Linux 2.2 days.

Yeah but you'd still need a local table that lists tproxied sockets, so that for an arbitrary incoming packet it can be decided whether it is to go through the INPUT or FORWARD chain (and subsequently, destination program/host).

Jan
-- 

------------------------------

Message: 4
Date: Sun, 27 May 2007 00:19:43 +0200
From: Balazs Scheidler <bazsi@balabit.hu>
Subject: Re: [tproxy] The future of tproxy
To: Jan Engelhardt <jengelh@linux01.gwdg.de>
Cc: Igmar Palsenberg <maillist@jdimedia.nl>, Nicholas George <nick.george@gmail.com>, tproxy@lists.balabit.hu
Message-ID: <1180217983.19697.33.camel@bzorp.balabit>
Content-Type: text/plain

On Sat, 2007-05-26 at 22:45 +0200, Jan Engelhardt wrote:
> On May 26 2007 22:32, Igmar Palsenberg wrote:
>>>> We definitely want to move away from NAT, and we don't plan to migrate towards network channels. (at least for now).
>>>
>>> But how is one supposed to fake addresses then?
>>
>> By bind()'ing to the remote address, like the way it was done in the Linux 2.2 days.
>
> Yeah but you'd still need a local table that lists tproxied sockets, so that for an arbitrary incoming packet it can be decided whether it is to go through the INPUT or FORWARD chain (and subsequently, destination program/host).

The local table is the "socket hash". We do a socket lookup early in the input path and divert the packet to the local IP stack by changing its dst_entry.

-- 
Bazsi

------------------------------

End of tproxy Digest, Vol 23, Issue 5