Re: [tproxy] Fwd: Tproxy changes for performing dual NAT
Hello, How did you compile squid with linux 2.6.22. I tried but it complains about ip_tproxy.h, etc. I'm going back to earlier version until I saw your post that you are able to do this. Regards, S. Moala -----Original Message----- From: tproxy-bounces@lists.balabit.hu [mailto:tproxy-bounces@lists.balabit.hu] On Behalf Of Arun S Sent: Saturday, October 27, 2007 2:06 AM To: Tóth László Attila; KOVACS Krisztian Cc: tproxy@lists.balabit.hu Subject: Re: [tproxy] Fwd: Tproxy changes for performing dual NAT Hi Kovacs/Attila, I have successfully applied your patches tproxy4-2.6.22_20070622.tar.bz2 on linux-2.6.22 and got all the modules compiled. Also iptables-1.4.0rc1 is applied with the patch iptables-tproxy-200710091749.diff. But I get error while adding the following rule: [root@Arun-FC6-SQUID linux-tproxy4-RnD]# iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark iptables v1.4.0rc1: Unknown arg `--tproxy-mark' Try `iptables -h' or 'iptables --help' for more information. [root@Arun-FC6-SQUID linux-tproxy4-RnD]# iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128 iptables: Invalid argument Am I missing anything? TIA. Regards, Arun S. On 23/10/2007, Arun S <hi2arun@gmail.com> wrote:
Hi,
Thank you. I will get this downloaded and try to tweak Squid to work for the latest tproxy4 changes.
Will let you know the changes in Squid once I manage to get Squid compiled for tproxy4.
On 22/10/2007, Tóth László Attila <panther@elte.hu> wrote:
Hello,
On 2007.10.22., at 18:51, Arun S wrote:
Hi Attila / Krisztian,
Could you please tell me which version of linux kernel shall I use to try the latest tproxy4 changes and from where shall I get the latest tproxy4 patches?
2.6.23 should be ok with both version: at www.balabit.com and at http://people.netfilter.org/hidden/tproxy/ The first one is tested for 2.6.22 only.
How can it enabled in squid: I don't know the source code but it requires no secial code with TProxy4 except set the IP_TRANSPARENT socket option for lisening socket. It is a new option: #define IP_TRANSPARENT 19
HTH, Attila
-- Regards, Arun S.
-- Regards, Arun S. _______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy
Hello, Siumafua Moala írta:
Hello, How did you compile squid with linux 2.6.22. I tried but it complains about ip_tproxy.h, etc. I'm going back to earlier version until I saw your post that you are able to do this.
Regards, S. Moala
Later I'll make the patch for squid-2.6 but I'm not familiar with squid also it takes a while. Currently you may add the the IP_TRANSPARENT socket option for the listening socket and the sockets of outgoing connections. Its value is 19 and you need patches at http://people.netfilter.org/hidden/tproxy/ Attila
participants (2)
-
Laszlo Attila Toth
-
Siumafua Moala