Gonzalo Arana wrote:
Hi,
On Mon, Mar 3, 2008 at 12:33 PM, Laszlo Attila Toth <panther@balabit.hu> wrote:
Hi,
Gonzalo Arana wrote:
Try the patch located in http://www.squid-cache.org/bugs/show_bug.cgi?id=2129 Please note that this is still an unofficial patch. Any feedback about it is much appreciated.
Does the foreign bind work with this patch? I rewrote the patch for
Indeed. I believe it is called freebind.
2.6-STABLE18 and perhaps I missed something. What I see on the webserver is that the squid connects with its own IP address instead of the client's address.
Config:
http_port 3128 tproxy
Odd. My patch requires that comm_fdopenex be called with COMM_FREEBIND, so that setsockopt(fd, SOL_IP, IP_FREEBIND, &on, ...) is called before bind(2) is.
Sorry if I mentioned something inaccurate, as this is based on my reading of the patch (and not based on actual testing):

1. The patch requires LINUX_TPROXY to be defined.
2. The patch requires --enable-tproxy to be specified at 'configure'.
3. However, on a machine supporting tproxy-4.0.x, there is no such include file: #include <linux/netfilter_ipv4/ip_tproxy.h>
4. 'configure' detected the absence of this file, and it silently ignored '--enable-tproxy'.
5. Therefore the program has been compiled without LINUX_TPROXY defined.

Does it explain why tproxy has not been honoured?

Cheers