Jeffrey, As I can see Iptables will be used to redirect packages from your netowork to the tproxy/cache system. Withou this you will need to set the proxy into all your clients... This will not be a transparent cache. Jeffrey 'jf' Lim escreveu:

On Tue, Jun 24, 2008 at 2:51 PM, Laszlo Attila Toth <panther@balabit.hu <mailto:panther@balabit.hu>> wrote:

Jeffrey 'jf' Lim wrote:

just curious, but is there like some kind of a version number for tproxy? Saw a "tproxy-4.0" directory under "legacy" in downloads (http://www.balabit.com/downloads/files/tproxy/obsolete/), but no mention of anything on the main page, nor readme, nor the files in the patch (well, not exactly but.. unless it's "1.5.2.5 <http://1.5.2.5> <http://1.5.2.5>"?)

TProxy 4.0 became available in July 2007, and now its newer version is in the http://www.balabit.com/downloads/files/tproxy directory. This version doesn't have a tproxy table, both the target (TPROXY) and the match (socket) is used in the mangle table.

Current version is 4.1, but sometimes it is also called as simply tproxy4.

I don't mention the older (obsolete) versions anywhere because it is still available if someone want to use it, but they are not maintanined (except TProxy 4.0, as a part of our product's kernel).

ok, thanks. One question - iptables is really for user-level (as in, "a command-line tool") stuff, right? so if all we need is the tproxy functionality, do we really need to bother with patching and compiling iptables?

-jf

-- In the meantime, here is your PSA: "It's so hard to write a graphics driver that open-sourcing it would not help." -- Andrew Fear, Software Product Manager, NVIDIA Corporation http://kerneltrap.org/node/7228 ------------------------------------------------------------------------

_______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy

-- Att, NATANIEL KLUG nata@cnett.com.br LEIA O DIA-A-DIA DO NATA http://nataklug.blogspot.com/ Cyber Nett - Internet Banda Larga www.cnett.com.br (42) 3635-2957 Rua Diogo Pinto, 1046, Centro Laranjeiras do Sul - PR Brasil - 85301-290 "... também os sábios possuem coração tangível e podem, por vezes, usar da ciência como meio de demonstrar impressões sentimentais de que muitos não os julgam suscetíveis." Visconde de Taunay

Jeffrey 'jf' Lim írta:

On Tue, Jun 24, 2008 at 2:51 PM, Laszlo Attila Toth <panther@balabit.hu <mailto:panther@balabit.hu>> wrote:

Jeffrey 'jf' Lim wrote:

just curious, but is there like some kind of a version number for tproxy? Saw a "tproxy-4.0" directory under "legacy" in downloads (http://www.balabit.com/downloads/files/tproxy/obsolete/), but no mention of anything on the main page, nor readme, nor the files in the patch (well, not exactly but.. unless it's "1.5.2.5 <http://1.5.2.5> <http://1.5.2.5>"?)

TProxy 4.0 became available in July 2007, and now its newer version is in the http://www.balabit.com/downloads/files/tproxy directory. This version doesn't have a tproxy table, both the target (TPROXY) and the match (socket) is used in the mangle table.

Current version is 4.1, but sometimes it is also called as simply tproxy4.

I don't mention the older (obsolete) versions anywhere because it is still available if someone want to use it, but they are not maintanined (except TProxy 4.0, as a part of our product's kernel).

ok, thanks. One question - iptables is really for user-level (as in, "a command-line tool") stuff, right? so if all we need is the tproxy functionality, do we really need to bother with patching and compiling iptables?

Iptables requires for the transparent proxying setup. For instance the rule redirects via the TPROXY target the packets with destination port to the local host's port 50080: iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --on-port 50080 --tproxy-mark 1/1 After that the squid has to indicate that it accepts packets redirected this way. It happens via the IP_TRANSPARENT socket option. This is why the --enable-linux-netfilter configure option is required for squid. -- Panther