[tproxy] Re: Development version 1.9.2 released - Oops

KOVACS Krisztian hidden@balabit.hu
Tue, 09 Mar 2004 13:52:20 +0100


On Mon, 2004-03-08 at 18:52, James MacLean wrote:
> This happened only once. But we have only brought up a kernel with it 
> today :). It appeared to occur when an iptables cmd was issued. Since then 
> (and the PC rebooting) we have not had it happen. We are not using the 
> tproxy filter yet.

  Hmm, looks strange, it crashed when initializing the iptable_nat
module, while allocating memory. I'll take a look at it, however, I'd
need your kernel config (or at least the Netfilter-related parts).

> Also, where is a FAQ on a typical install of this for Squid? I have Squid 
> now patched and I believe I can fuddle through it, but would rather use 
> someone else's notes ;).

  You should note that 1.9.2 is not compatible with Gianni Tedesco's
Squid patches, and that his latest patches are actually quite old and
buggy. You probably would have to use TProxy 1.2, which is for Linux
2.4... (Actually I have a patch for 2.6, but it's nor binary compatible
with 2.4 versions, so you would have to recompile Squid, nor

  FAQ for Squid and TProxy? I don't know of any, but you should probably
ask Gianni. However, I'd have a few recommendations:

- you must turn "client_persistent_connections" off in Squid config
- turning "server_persistent_connections" may help
- Gianni's tproxy_gid patch is necessary if you would like to run squid
as non-root

  Unfortunately I can't help more regarding Squid. Please contact Gianni
Tedesco for more information.

   Krisztian KOVACS