[tproxy] Tproxy changes for performing dual NAT

zulkarnain sizulku at yahoo.com
Fri Oct 12 17:19:13 CEST 2007 

Hi Arun,

I my kernel-2.6.19.7 with your patch and seemed it won't work. I got this messages below and I attached you iptable_tproxy.c.rej

[root at squid linux]# patch -p1 -i ../07-linux_aircell_tproxy.patch
patching file include/linux/netfilter_ipv4/ip_tproxy.h
patching file net/ipv4/netfilter/ip_tables.c
Hunk #7 succeeded at 245 (offset -2 lines).
patching file net/ipv4/netfilter/iptable_tproxy.c
Hunk #1 succeeded at 43 with fuzz 2 (offset -2 lines).
Hunk #2 FAILED at 145.
Hunk #3 succeeded at 120 with fuzz 2 (offset -79 lines).
Hunk #4 FAILED at 647.
Hunk #5 succeeded at 831 (offset -4 lines).
Hunk #6 succeeded at 798 (offset -79 lines).
Hunk #7 succeeded at 896 (offset -4 lines).
Hunk #8 succeeded at 837 (offset -79 lines).
Hunk #9 FAILED at 916.
patch unexpectedly ends in middle of line
Hunk #10 succeeded at 993 with fuzz 1 (offset -34 lines).
3 out of 10 hunks FAILED -- saving rejects to file net/ipv4/netfilter/iptable_tproxy.c.rej
[root at squid linux]#

Do you have a patch that work with kernel-2.6.19.7? Any help would be great. Thanks!

Regards,
Zul 

----- Original Message ----
From: Arun S <hi2arun at gmail.com>
To: zulkarnain <sizulku at yahoo.com>
Cc: Tproxy <tproxy at lists.balabit.hu>
Sent: Friday, October 12, 2007 6:40:52 AM
Subject: Re: [tproxy] Tproxy changes for performing dual NAT

Hi Zul,

Here are the steps to be followed:

1. Apply Cttproxyv2.0.6 to linux kernel v2.6.18

2. Apply the given patch for dual NAT

3. Compile the kernel as usual with TPROXY support enabled.

4. Run Squid (I have tested it with Squid v 2.6) with tproxy related
options enabled.

5. Add TPROXY rule to redirect HTTP packets:
    e.g.: iptables -t tproxy -A PREROUTING -p tcp --dport 80 -j TPROXY
--on-port 3128
[Assuming Squid proxy listens on port 3128]

6. Add POSTROUTING rule for performing SNAT.
e.g. Say LAN network is 192.168.1.0/24,
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to <Src IP>

Please let me know of any issues along with the kernel version , Squid
version, iptables rules and your test setup.


      ____________________________________________________________________________________
Don't let your dream ride pass you by. Make it a reality with Yahoo! Autos.
http://autos.yahoo.com/index.html
 

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: iptable_tproxy.c.rej
Url: http://lists.balabit.hu/pipermail/tproxy/attachments/20071012/e687e313/attachment.txt

More information about the tproxy mailing list