Hello! Have compiling the kernel 2.6.24 with the patch of tproxy and also the iptables. When running lsmode | grep TPROXY, the modules are running. Have compiling the Squid 3 with the option - enable-linux-tproxy4, in the compilation not happening I do not see this option, but neither gave any error. When I try to run the squid with the option: http_port 3128 tproxy, gives error in the squid. And I can not go there. Does tá missing something? As I look, Emerson Gregorio
Hello, Emerson Gregorio wrote:
Hello! Have compiling the kernel 2.6.24 with the patch of tproxy and also the iptables. When running lsmode | grep TPROXY, the modules are running. Have compiling the Squid 3 with the option - enable-linux-tproxy4, in the compilation not happening I do not see this option, but neither gave any error.
Please use --enable-linux-netfilter...
When I try to run the squid with the option: http_port 3128 tproxy, gives error in the squid.
and http_port 3128 tproxy transparent. The enable-linux-tproxy4 was an intermediate option, finally it was removed and its functionality merged into enable-linux-netfilter. Regards, -- Panther
Hello
When I try to run the squid with the option: http_port 3128 tproxy, gives error in the squid.
Please use --enable-linux-netfilter... The enable-linux-tproxy4 was an intermediate option, finally it was removed and its functionality merged into enable-linux-netfilter.
Hello I am a bit confused about the various versions of the tproxy patch and squid I am now using squid 3.0.STABLE6 and linux kernel 2.6.24 as packaged for the next version of debian, lenny. Is this version of squid supposed to already include the tproxy patch when compiled with enable-linux-netfilter ? (it seemed not to me) and if not, which is the version where the enable-linux-netfilter started to include the tproxy functionnality ? is there a patch I could apply to the 3.0.STABLE6 integrated in debian lenny ? Thanks, J.
Correct me if I'm wrong, but I think only squidHEAD has native support for tproxy. On 04/07/2008, at 05:20, Jérôme Santini wrote:
Hello
When I try to run the squid with the option: http_port 3128 tproxy, gives error in the squid.
Please use --enable-linux-netfilter... The enable-linux-tproxy4 was an intermediate option, finally it was removed and its functionality merged into enable-linux-netfilter.
Hello
I am a bit confused about the various versions of the tproxy patch and squid
I am now using squid 3.0.STABLE6 and linux kernel 2.6.24 as packaged for the next version of debian, lenny.
Is this version of squid supposed to already include the tproxy patch when compiled with enable-linux-netfilter ? (it seemed not to me) and if not, which is the version where the enable-linux-netfilter started to include the tproxy functionnality ?
is there a patch I could apply to the 3.0.STABLE6 integrated in debian lenny ?
Thanks, J.
_______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy
Felipe Cruxen a écrit :
Correct me if I'm wrong, but I think only squidHEAD has native support for tproxy.
ooooh and are there patches for squid 3.0 or squid 2.7, then ? I can only see one patch for tproxy-squid-2.6-STABLE18. Is it the only version usable with tproxy, beside the developpement version ? J.
Jérôme Santini írta:
Felipe Cruxen a écrit :
Correct me if I'm wrong, but I think only squidHEAD has native support for tproxy.
Yes, it has.
ooooh
and are there patches for squid 3.0 or squid 2.7, then ? I can only see one patch for tproxy-squid-2.6-STABLE18. Is it the only version usable with tproxy, beside the developpement version ?
The Squid head (3.1) has native tproxy support, for 3.0: I don't know, I published this patch for squid-3 when it was under development. During this period it had an enable-linux-tproxy4 option which was removed. The proxy-squid-2.6-STABLE18 is an unfinished patch, because the Squid works but without foreign address bind (cannot spoof the client address). -- Panther
Laszlo Attila Toth a écrit :
The Squid head (3.1) has native tproxy support, for 3.0: I don't know, I published this patch for squid-3 when it was under development. During this period it had an enable-linux-tproxy4 option which was removed.
The proxy-squid-2.6-STABLE18 is an unfinished patch, because the Squid works but without foreign address bind (cannot spoof the client address).
OK, fine so which is the recommended squid version to run now for use with tproxy in production ? the squid 3.1 "of the day" ? J.
Hi, Jérôme Santini írta:
Laszlo Attila Toth a écrit :
The Squid head (3.1) has native tproxy support, for 3.0: I don't know, I published this patch for squid-3 when it was under development. During this period it had an enable-linux-tproxy4 option which was removed.
The proxy-squid-2.6-STABLE18 is an unfinished patch, because the Squid works but without foreign address bind (cannot spoof the client address).
OK, fine
so which is the recommended squid version to run now for use with tproxy in production ? the squid 3.1 "of the day" ?
I think the squid user list is the right place for asking it. With cttproxy2 (TProxy2) you can use any version of squid, and kernels not newer than 2.6.22. With TProxy 4.1 the only supported version was the squid-3 HEAD (called as Squid-3.1) in April. I don't know the current status of squid. -- Panther
Jérôme Santini írta:
Hello
When I try to run the squid with the option: http_port 3128 tproxy, gives error in the squid.
Please use --enable-linux-netfilter... The enable-linux-tproxy4 was an intermediate option, finally it was removed and its functionality merged into enable-linux-netfilter.
Hello
I am a bit confused about the various versions of the tproxy patch and squid
Old versions are moved to the obsoleted directory, the latest version remains in the download directory. By the way this is version 4.1, but the downloadable files don't contain this information in their names.
I am now using squid 3.0.STABLE6 and linux kernel 2.6.24 as packaged for the next version of debian, lenny.
Is this version of squid supposed to already include the tproxy patch when compiled with enable-linux-netfilter ? (it seemed not to me) and if not, which is the version where the enable-linux-netfilter started to include the tproxy functionnality ?
is there a patch I could apply to the 3.0.STABLE6 integrated in debian lenny ?
I'm not sure whether it has a tproxy patch or not. If it is supported, there is a new socket option, IP_TRANSPARENT which is defined to the value 19.
Thanks, J.
-- Panther
participants (4)
-
Emerson Gregorio
-
Felipe Cruxen
-
Jérôme Santini
-
Laszlo Attila Toth