[tproxy] Squid does not recognize tproxy iptables also not! ! !

Rodrigo Ferreira Santos rodrigofsantos at gmail.com
Sat Oct 20 16:45:37 CEST 2007 

Following is a personal pleasure to be part of this list I already
installing the tproxy here at my company but so far is not working, compiled
the kernel pressed the module, and compiled the iptables my server this way:


cache:/# uname -a
Linux cache 2.6.22.10-tproxy #1 SMP Thu Oct 18 22:30:57 AMT 2007 i686
GNU/Linux
cache:/# lsmod
xt_tproxy               1984  0
ip_gre                 12608  0
ipt_addrtype            1952  0
ip_queue               10480  0
ipt_REJECT              4608  0
arptable_filter         2272  0
arp_tables             11204  1 arptable_filter
ipt_ULOG                8036  0
iptable_mangle          2912  0
ipt_tos                 1760  0
ipt_TOS                 2336  0
ipt_LOG                 6208  0
ipt_ECN                 3008  0
ipt_ttl                 1984  0
ipt_ah                  2016  0
ipt_TTL                 2432  0
ipt_recent              9048  0
ipt_iprange             1888  0
iptable_raw             2496  0
ipt_ecn                 2304  0
arpt_mangle             2560  0
ipt_owner               2080  0
iptable_filter          3104  1
iptable_tproxy          6468  0
ip_tables              12420  4
iptable_mangle,iptable_raw,iptable_filter,iptable_tproxy
x_tables               14564  18
xt_tproxy,ipt_addrtype,ipt_REJECT,arp_tables,ipt_ULOG,ipt_tos,ipt_TOS,ipt_LOG,ipt_ECN,ipt_ttl,ipt_ah,ipt_TTL,ipt_recent,ipt_iprange,ipt_ecn,arpt_mangle,ipt_owner,ip_tables
button                  8080  0
ipv6                  237412  18
i2c_viapro              8340  0
8139cp                 22080  0
3c59x                  41256  0
8139too                25472  0

My squid this configured this way:

This compiled with the settings:

cache:/# squid -v
Squid Cache: Version 2.6.STABLE16-20071017
configure options:  '--prefix=/usr' '--sysconfdir=/etc/squid'
'--libexecdir=/usr/libexec/squid' '--datadir=/usr/share/squid'
'--enable-dlmalloc' '--enable-wccp' '--with-maxfd=8192' '--enable-gnuregex'
'--enable-carp' '--enable-storeio=diskd,ufs' '--enable-head-replacement'
'--enable-removal-polices=heap,lru' '--enable-icmp' '--enable-epoll'
'--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl'
'--enable-htcp' '--enable-cache-digests' '--enable-err-laguage=Portuguese'
'--enable-ident-lookup' '--enable-truncate' '--enable-underscore'
'--enable-linux-netfilter' '--enable-snmp'


cache:/# squid -d 3 -F -N -X

2007/10/20 10:30:19| Processing: 'icp_access allow all'
2007/10/20 10:30:19| parse_line: icp_access allow all
2007/10/20 10:30:19| aclParseAccessLine: looking for ACL name 'all'
2007/10/20 10:30:19| Processing: 'http_port 8080 transparent tproxy'
2007/10/20 10:30:19| parse_line: http_port 8080 transparent tproxy
FATAL: Bungled squid.conf line 925: http_port 8080 transparent tproxy
Squid Cache (Version 2.6.STABLE16-20071017): Terminated abnormally.

This configured so my squid:

cache:/# cat /etc/squid/squid.conf
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl all src 0.0.0.0/0.0.0.0
acl minha_rede src 201.30.200.0/255.255.255.128
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow minha_rede
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
icp_access allow all
http_port 8080 transparent tproxy
hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
maximum_object_size_in_memory 512 KB
memory_replacement_policy lru
cache_replacement_policy lru
cache_dir ufs /var/cache/squid/squid1 10000 16 256
cache_dir ufs /var/cache/squid/squid2 10000 16 256
cache_dir ufs /var/cache/squid/squid3 10000 16 256
cache_swap_low 90
cache_swap_high 95
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
logfile_rotate 10
mime_table /etc/squid/mime.conf
pid_filename /var/logs/squid.pid
client_netmask 255.255.255.255
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
request_header_max_size 20 KB
reply_header_max_size 20 KB
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mgr rodrigofsantos at gmail.com
cache_effective_user proxy
snmp_port 3401
snmp_access deny all
error_directory /var/cache/squid/errors/Portuguese
hosts_file /etc/hosts
forwarded_for on
coredump_dir /usr/local/squid//var/cache

Please need much help from staff of you ..
May God bless you all.
-- 
----------------------------------------------------
(o_    Rodrigo Ferreira Santos
//\    Gerente de TI
V_/_   ICQ - 15372370
    aMSN - rodrigofsantos at gmail.com
        Linux user number 372852
----------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20071020/5887bd55/attachment.htm

More information about the tproxy mailing list