On Tue, 9 Mar 2004, KOVACS Krisztian wrote:
You should note that 1.9.2 is not compatible with Gianni Tedesco's Squid patches, and that his latest patches are actually quite old and buggy. You probably would have to use TProxy 1.2, which is for Linux 2.4... (Actually I have a patch for 2.6, but it's nor binary compatible with 2.4 versions, so you would have to recompile Squid, nor well-tested.) Unfortunately I can't help more regarding Squid. Please contact Gianni Tedesco for more information.
Unfortunately I have not heard from Gianni, but I am hoping I might ask a couple of questions :) : 1. When an application sets up for a tproxy foreign source address according to the cttproxy-2.6.3-1.9.2 README, do any other iptables rules need to be added to activate what the application has setup? 2. Gianni's patches had : int f=ITP_CONNECT; struct in_tproxy itp; itp.itp_faddr.s_addr = fwdState->src.sin_addr.s_addr; itp.itp_fport = fwdState->src.sin_port; setsockopt(fd, SOL_IP, IP_TPROXY_ASSIGN, &itp, sizeof(itp)); setsockopt(fd, SOL_IP, IP_TPROXY_FLAGS, &f, sizeof(f)); which I have replaced with : int f=ITP_CONNECT; struct in_tproxy itp; itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr; itp.v.addr.fport = fwdState->src.sin_port; setsockopt(fd, SOL_IP, TPROXY_ASSIGN, &itp, sizeof(itp)); setsockopt(fd, SOL_IP, TPROXY_FLAGS, &f, sizeof(f)); Does this appear to be a correct code update? I ask because it compiles clean, strace says the setsockopt() calls are successfull, but the outgoing source addresses are always the Squid PC's address :(. Again, sorry to bother. Would appreciate even a pointer to a small code sample that does the transparent proxy this way that I could learn from. thanks, JES -- James B. MacLean macleajb@ednet.ns.ca Department of Education Nova Scotia, Canada