tproxy + squid 3 + kernel 2.6.25 + iptables 1.4.0
Hello guys,

I am having serious problems putting this system to run. My system is:

CentOS v5.1 (like Red Hat Enterprises)

Kernel 2.6.25 - compiled with these patches:
- http://www.balabit.com/downloads/files/tproxy/tproxy-kernel-2.6.25-20080519-...
- http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18....

Iptables 1.4.0 - compiled with these patches:
- http://ufpr.dl.sourceforge.net/sourceforge/l7-filter/netfilter-layer7-v2.18....
- wget http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-1.4.0-20080521...
- wget http://www.balabit.com/downloads/files/tproxy/tproxy-iptables-20080204-1915....

All tproxy patches I got from:
http://www.balabit.com/downloads/files/tproxy/

When I tried to use iptables it works just fine with TPROXY rules. So it is ok to work. Now I want to compile Squid:

Squid source: http://www.squid-cache.org/Versions/v3/3.0/squid-3.0.STABLE6.tar.gz

I used this command line to configure:

./configure --enable-linux-tproxy --with-large-files --with-filedescriptors=16384 --enable-storeio=aufs,coss,diskd,ufs --enable-poll --enable-delay-pools --enable-htcp --enable-carp --with-pthreads --enable-underscores --enable-external --enable-arp-acl

During the process it came with this message:

checking for linux/netfilter_ipv4.h... yes
checking for linux/netfilter_ipv4/ip_tproxy.h... no
...
checking if TPROXY header files are installed... no
WARNING: Cannot find TPROXY headers, you need to install the tproxy package from:
 - lynx http://www.balabit.com/downloads/tproxy/

I have come into /usr/src/linux and found a xt_TPROXY.h file under the netfilter directory but NO ip_tproxy.h. Here is the problem. After all squid compilation it is installed but when I try to use:

http_port 3128 transparent tproxy

It returns an error. What can I do to solve this problem?
--
Regards,
NATANIEL KLUG
nata@cnett.com.br
READ NATA'S DAY-TO-DAY: http://nataklug.blogspot.com/
Cyber Nett - Broadband Internet
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brazil - 85301-290
"... the wise, too, have a tangible heart and can, at times, use science as a means of showing sentimental impressions of which many do not judge them susceptible." Visconde de Taunay
I am using almost the same software... I copied the file and renamed it. I used Squid3HEAD and it compiled and ran fine... but I still have not been able to get it fully working...

________________________________
From: tproxy-bounces@lists.balabit.hu [mailto:tproxy-bounces@lists.balabit.hu] On Behalf Of Nataniel Klug
Sent: Wednesday, June 18, 2008 1:08 PM
To: tproxy@lists.balabit.hu
Subject: [tproxy] tproxy + squid 3 + kernel 2.6.25 + iptables 1.4.0
Ritter, Nicholas wrote:
I am using almost the same software...I copied the file and renamed it. I used Squid3HEAD and it compiled and ran fine...but I still have not been able to get it fully working...
Which explains why it is not working. If you had posted the exact steps you have taken to setup/configure/compile, your problem could have been solved earlier.
Tried this rename but during the Squid work the tproxy does not work fine... ;)

Ritter, Nicholas wrote:
I am using almost the same software...I copied the file and renamed it. I used Squid3HEAD and it compiled and ran fine...but I still have not been able to get it fully working...
Nataniel Klug wrote:
I used this command line to configure:
./configure --enable-linux-tproxy --with-large-files --with-filedescriptors=16384 --enable-storeio=aufs,coss,diskd,ufs --enable-poll --enable-delay-pools --enable-htcp --enable-carp --with-pthreads --enable-underscores --enable-external --enable-arp-acl
I believe you got the wrong configure options. It should be configure --enable-linux-tproxy4 or something like that. Check the docs, or try ./configure --help.
Ming-Ching Tiew wrote:
I believe you got the wrong configure options. It should be configure --enable-linux-tproxy4 or something like that. Check the docs, or try ./configure --help.
It is --enable-netfilter for tproxy v4.1. But I wrote it some time earlier and this is the same in the README at: http://www.balabit.com/downloads/files/tproxy/README.txt -- Panther
Laszlo Attila Toth wrote:
It is --enable-netfilter for tproxy v4.1. But I wrote it some time earlier and this is the same in the README at:
I mean I updated it. -- Panther
Ok... I will try again with this new option.

Laszlo Attila Toth wrote:
Laszlo Attila Toth wrote:
It is --enable-netfilter for tproxy v4.1. But I wrote it some time earlier and this is the same in the README at:
I mean I updated it.
Laszlo,

No use. I compiled with these options:

make clean
./configure --enable-storeio=aufs,diskd,ufs --enable-removal-policies=heap,lru --enable-delay-pools --enable-snmp --enable-default-err-language=Portuguese --enable-poll --enable-netfilter --with-pthreads --with-filedescriptors=16384
make
make install

No problem compiling this. So I put it into my squid.conf:

http_port 3128 transparent tproxy

So the return was:

FATAL: Bungled squid.conf line 1: http_port 3128 transparent tproxy
Squid Cache (Version 3.0.STABLE6): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.001 user + 0.003 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

I tried "http_port 3128 tproxy" but the same error occurs. When I use only "transparent" it runs normally. Waiting for more help.

Laszlo Attila Toth wrote:
It is --enable-netfilter for tproxy v4.1. But I wrote it some time earlier and this is the same in the README at:
Nataniel Klug wrote:
Laszlo,
No use. I compiled with these options:

make clean
./configure --enable-storeio=aufs,diskd,ufs --enable-removal-policies=heap,lru --enable-delay-pools --enable-snmp --enable-default-err-language=Portuguese --enable-poll --enable-netfilter --with-pthreads --with-filedescriptors=16384

Hm, sorry, but I always miss this option, correctly this is:
--enable-linux-netfilter. Could you try with it?
        ^^^^^^^
I hope this is enough for a working configuration. I tested with enabling netfilter and nothing else...
-- Laszlo
Laszlo,

Nope... Same error as before. I have a file named xt_TPROXY that was compiled with the kernel but I think the software is not reading it. I will try with the tproxy4 option again.

[root@cache sbin]# ./squid -D
FATAL: Bungled squid.conf line 1: http_port 3128 transparent tproxy
Squid Cache (Version 3.0.STABLE6): Terminated abnormally.
CPU Usage: 0.004 seconds = 0.003 user + 0.001 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
[root@cache sbin]# vi ../etc/squid.conf
[root@cache sbin]# ./squid -D
FATAL: Bungled squid.conf line 1: http_port 3128 tproxy
Squid Cache (Version 3.0.STABLE6): Terminated abnormally.
CPU Usage: 0.005 seconds = 0.002 user + 0.003 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0

Laszlo Attila Toth wrote:
Hm, sorry, but I always miss this option, correctly this is:
--enable-linux-netfilter. Could you try with it?
        ^^^^^^^
I hope this is enough for a working configuration. I tested with enabling netfilter and nothing else...
No luck using tproxy4.

Nataniel Klug wrote:
Laszlo,
Nope... Same error as before. I have a file named xt_TPROXY that was compiled with the kernel but I think the software is not reading it. I will try with the tproxy4 option again.
Nataniel, look more carefully at your setup, and I advise using the 2.6.24 kernel (2.6.25 TPROXY (no blame on the TPROXY patch - since plain 2.6.25 may hang too - just not tried!) patched was silently hanging on the same PC after 1-3 hours of working) - I've got it working with squid 3.1 and iptables 1.4.x - though last time I tried there were some issues, which are supposedly fixed in the latest TPROXY patch to the 2.6.24 kernel - but definitely everything compiles and works, specifically under very light load.

On Thursday 19 June 2008 17:28, Nataniel Klug wrote:
No luck using tproxy4.
Anton,

I am downloading kernel-2.6.24.7 and I will try to compile it with iptables 1.4 and Squid-3HEAD (I could not find any squid-3.1).

Anton wrote:
Nataniel, look more carefully at your setup, and I advise using the 2.6.24 kernel (2.6.25 TPROXY (no blame on the TPROXY patch - since plain 2.6.25 may hang too - just not tried!) patched was silently hanging on the same PC after 1-3 hours of working) - I've got it working with squid 3.1 and iptables 1.4.x - though last time I tried there were some issues, which are supposedly fixed in the latest TPROXY patch to the 2.6.24 kernel - but definitely everything compiles and works, specifically under very light load.
People,

With this advice from Anton I have made some changes. As I could not find Squid-3.1 I used Squid-3HEAD and, to my surprise, using --enable-linux-netfilter it enables the "transparent tproxy" feature.

I will try to make this new compilation using kernel-2.6.25 because my test was using 2.6.24.7 (as Anton said).

Hope for this all to function...

Anton wrote:
Nataniel, look more carefully at your setup, and I advise using the 2.6.24 kernel (2.6.25 TPROXY (no blame on the TPROXY patch - since plain 2.6.25 may hang too - just not tried!) patched was silently hanging on the same PC after 1-3 hours of working) - I've got it working with squid 3.1 and iptables 1.4.x - though last time I tried there were some issues, which are supposedly fixed in the latest TPROXY patch to the 2.6.24 kernel - but definitely everything compiles and works, specifically under very light load.
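A preflight check that encodes what the thread has established so far, added here as an example (it is not code from any list participant or from the Squid or TPROXY projects): Squid 3.0.STABLE6 rejected the tproxy keyword with every flag tried, and on Squid-3HEAD only --enable-linux-netfilter enabled it. The function names and the sample `squid -v` text are constructed for illustration.

```shell
#!/bin/sh
# Offline check of a Squid build against the "Bungled squid.conf ... tproxy"
# failure from this thread. All function names are hypothetical.

# Constructed samples of `squid -v` output (not captured from a real host).
SAMPLE_30="Squid Cache: Version 3.0.STABLE6
configure options:  '--enable-delay-pools' '--enable-linux-netfilter' '--with-pthreads'"
SAMPLE_HEAD_TYPO="Squid Cache: Version 3.HEAD-20080619
configure options:  '--enable-delay-pools' '--enable-netfilter' '--with-pthreads'"
SAMPLE_HEAD="Squid Cache: Version 3.HEAD-20080619
configure options:  '--enable-delay-pools' '--enable-linux-netfilter' '--with-pthreads'"
SAMPLE_CONF="http_port 3128 transparent tproxy"

# Print the version token from `squid -v` text ($1).
squid_version() {
    printf '%s\n' "$1" | sed -n 's/^Squid Cache: Version \([^ ]*\).*$/\1/p'
}

# Succeed if the exact configure option $2 appears in `squid -v` text $1.
# The boundaries keep --enable-linux-tproxy from matching --enable-linux-tproxy4.
has_option() {
    printf '%s\n' "$1" | grep -Eq -- "(^|[[:space:]'])$2(['=[:space:]]|\$)"
}

# Print one verdict word, following what the thread observed:
#   version -> a 3.0.x build (3.0.STABLE6 rejected the tproxy keyword)
#   flag    -> built without --enable-linux-netfilter
#   ok      -> newer build with --enable-linux-netfilter
tproxy_verdict() {
    ver=$(squid_version "$1")
    case "$ver" in
        "")    echo "unknown"; return 0 ;;
        3.0.*) echo "version"; return 0 ;;
    esac
    if has_option "$1" --enable-linux-netfilter; then
        echo "ok"
    else
        echo "flag"
    fi
}

# List the near-miss options tried in the thread. The builds completed with
# them, so a clean compile says nothing about tproxy support being enabled.
near_miss_flags() {
    out=""
    for opt in --enable-netfilter --enable-linux-tproxy --enable-linux-tproxy4; do
        if has_option "$1" "$opt"; then out="$out $opt"; fi
    done
    echo "${out# }"
}

# Succeed if an active (non-comment) http_port line in squid.conf text $1
# carries the tproxy keyword.
conf_wants_tproxy() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*http_port[[:space:]].*[[:space:]]tproxy([[:space:]]|$)'
}

# Combine both checks. $1 = `squid -v` text, $2 = squid.conf text.
preflight() {
    if ! conf_wants_tproxy "$2"; then
        echo "ok: no tproxy keyword on any http_port line"
        return 0
    fi
    case "$(tproxy_verdict "$1")" in
        ok)      echo "ok: built with --enable-linux-netfilter" ;;
        version) echo "fail: $(squid_version "$1") rejected 'tproxy' in the thread; build Squid-3HEAD"
                 return 1 ;;
        flag)    echo "fail: rebuild with --enable-linux-netfilter (found: $(near_miss_flags "$1"))"
                 return 1 ;;
        *)       echo "fail: cannot read squid -v output"
                 return 1 ;;
    esac
}

# On a real host: preflight "$(squid -v)" "$(cat /path/to/squid.conf)"
preflight "$SAMPLE_HEAD" "$SAMPLE_CONF"
preflight "$SAMPLE_30" "$SAMPLE_CONF" || true
preflight "$SAMPLE_HEAD_TYPO" "$SAMPLE_CONF" || true
```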
Hi, Nataniel Klug wrote:
People,
With this advice from Anton I have made some changes. As I could not find Squid-3.1 I used Squid-3HEAD and, to my surprise, using --enable-linux-netfilter it enables the "transparent tproxy" feature.
Squid-3 HEAD is also called Squid-3.1. I don't know the exact versioning of squid.
I will try to make this new compilation using kernel-2.6.25 because my test was using 2.6.24.7 (as Anton said).
I will forward-port the kernel patches to 2.6.25 and 2.6.26 and test when I have time for it. But first I have to eliminate a problem related to tproxy: it doesn't work if the interface is in bridge mode (br0, etc). This issue occurs in each version of tproxy4 (4.0 and 4.1). The 4.0 branch is used internally in our product, but my assumption is that when I fix 4.0, I can find a solution for 4.1, too. Now I have no idea why it goes wrong with a bridge: the TPROXY target (and iptables/netfilter) doesn't receive any packets.
-- Panther
Laszlo Attila Toth wrote:
I will forward-port the kernel patches to 2.6.25 and 2.6.26 and test when I have time for it. But first I have to eliminate a problem related to tproxy: it doesn't work if the interface is in bridge mode (br0, etc). This issue occurs in each version of tproxy4 (4.0 and 4.1). The 4.0 branch is used internally in our product, but my assumption is that when I fix 4.0, I can find a solution for 4.1, too. Now I have no idea why it goes wrong with a bridge: the TPROXY target (and iptables/netfilter) doesn't receive any packets.
I did mention this a long, long time ago. If you search through the older posts, I did mention a "workaround" for it. Unless now you are working on a fix in the kernel. Basically, I use ebtables to redirect the traffic to enter and leave via the physical interface instead of the (virtual) bridge interface. Regards.
Ming-Ching Tiew wrote:
I did mention this a long, long time ago. If you search through the older posts, I did mention a "workaround" for it. Unless now you are working on a fix in the kernel.
Basically, I use ebtables to redirect the traffic to enter and leave via the physical interface instead of the (virtual) bridge interface.
Hm, I forgot it, thanks. I remembered as when I tried it with TProxy, 4.1, it didn't work. Perhaps I used wrong version of ebtables userspace. In this case it is only a 4.1 problem. -- Panther
Laszlo Attila Toth wrote:
I remembered as when I tried it with TProxy, 4.1, it didn't work. Perhaps I used wrong version of ebtables userspace. In this case it is only a 4.1 problem.
I doubt it would be an ebtables compatibility problem, but I might be wrong. If it is not working at all, I would say it's likely to be a firewall/iptables problem, because now the packets enter and leave via real physical interfaces, so the iptables rules (if there are any) will have to be adjusted accordingly. Cheers.
Laszlo,

Thanks for the help. I will need some advice to configure the system but this is another story... ;)

Laszlo Attila Toth wrote:
I will forward-port the kernel patches to 2.6.25 and 2.6.26 and test when I have time for it. But first I have to eliminate a problem related to tproxy: it doesn't work if the interface is in bridge mode (br0, etc). This issue occurs in each version of tproxy4 (4.0 and 4.1). The 4.0 branch is used internally in our product, but my assumption is that when I fix 4.0, I can find a solution for 4.1, too. Now I have no idea why it goes wrong with a bridge: the TPROXY target (and iptables/netfilter) doesn't receive any packets.
Ming,

I have tried this option but it is not in ./configure --help. I found it on an Indonesian forum... No use for this.

Ming-Ching Tiew wrote:
I believe you got the wrong configure options. It should be configure --enable-linux-tproxy4 or something like that. Check the docs, or try ./configure --help.
participants (5)
- Anton
- Laszlo Attila Toth
- Ming-Ching Tiew
- Nataniel Klug
- Ritter, Nicholas