Hi, Nataniel Klug wrote:
People,
With this advice from Anton I have made some changes. As I could not find Squid-3.1 I used Squid-3HEAD and, for my surprise, using --enable-linux-netfilter it enables "transparent tproxy" feature.
Squid-3 head is also called as Squid-3.1. I don't know the exact versioning of squid.
I will try to make this new compilation using kernel-2.6.25 becouse my test was using 2.6.24.7 (as Anton said).
I will forward port of the kernel patches to 2.6.25 and 2.6.26 and test when I'll have time for it. But first I have to eliminate a problem related to the tproxy that it doesn't work if the interface is in bridge mode (br0, etc). This issue occurs on each versions of tproxy4 (4.0 and 4.1). The 4.0 branch is used internally in our product but my assumption is that when I fix the 4.0, I can find a solution for 4.1, too. Now I have no idea why it goes wrong with a bridge: TPROXY target (and iptables/netfilter) doesn't receive any packets. -- Panther