[tproxy] Squid does not recognize tproxy iptables also not! ! !
Arun S
hi2arun at gmail.com
Mon Oct 22 06:26:25 CEST 2007
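In addition, you need to enable tproxy support in Squid. The squid -v output quoted below lists --enable-linux-netfilter but not --enable-linux-tproxy, so this build does not recognize the tproxy keyword on the http_port line and stops with "FATAL: Bungled squid.conf line 925".
Use this option when running Squid's configure script, then rebuild: --enable-linux-tproxy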
On 20/10/2007, Rodrigo Ferreira Santos <rodrigofsantos at gmail.com> wrote:
> Hello everyone, it is a pleasure to be part of this list. I am installing
> tproxy here at my company, but so far it is not working. I compiled the
> kernel, loaded the module, and compiled iptables. My server looks like this:
>
>
> cache:/# uname -a
> Linux cache 2.6.22.10-tproxy #1 SMP Thu Oct 18 22:30:57 AMT 2007 i686
> GNU/Linux
> cache:/# lsmod
> xt_tproxy 1984 0
> ip_gre 12608 0
> ipt_addrtype 1952 0
> ip_queue 10480 0
> ipt_REJECT 4608 0
> arptable_filter 2272 0
> arp_tables 11204 1 arptable_filter
> ipt_ULOG 8036 0
> iptable_mangle 2912 0
> ipt_tos 1760 0
> ipt_TOS 2336 0
> ipt_LOG 6208 0
> ipt_ECN 3008 0
> ipt_ttl 1984 0
> ipt_ah 2016 0
> ipt_TTL 2432 0
> ipt_recent 9048 0
> ipt_iprange 1888 0
> iptable_raw 2496 0
> ipt_ecn 2304 0
> arpt_mangle 2560 0
> ipt_owner 2080 0
> iptable_filter 3104 1
> iptable_tproxy 6468 0
> ip_tables 12420 4
> iptable_mangle,iptable_raw,iptable_filter,iptable_tproxy
> x_tables 14564 18
> xt_tproxy,ipt_addrtype,ipt_REJECT,arp_tables,ipt_ULOG,ipt_tos,ipt_TOS,ipt_LOG,ipt_ECN,ipt_ttl,ipt_ah,ipt_TTL,ipt_recent,ipt_iprange,ipt_ecn,arpt_mangle,ipt_owner,ip_tables
> button 8080 0
> ipv6 237412 18
> i2c_viapro 8340 0
> 8139cp 22080 0
> 3c59x 41256 0
> 8139too 25472 0
>
> My Squid is set up as follows.
>
> It was compiled with these settings:
> cache:/# squid -v
> Squid Cache: Version 2.6.STABLE16-20071017
> configure options: '--prefix=/usr' '--sysconfdir=/etc/squid'
> '--libexecdir=/usr/libexec/squid'
> '--datadir=/usr/share/squid' '--enable-dlmalloc' '--enable-wccp'
> '--with-maxfd=8192' '--enable-gnuregex' '--enable-carp'
> '--enable-storeio=diskd,ufs' '--enable-head-replacement'
> '--enable-removal-polices=heap,lru' '--enable-icmp'
> '--enable-epoll' '--enable-useragent-log' '--enable-referer-log'
> '--enable-arp-acl' '--enable-htcp' '--enable-cache-digests'
> '--enable-err-laguage=Portuguese' '--enable-ident-lookup'
> '--enable-truncate' '--enable-underscore' '--enable-linux-netfilter'
> '--enable-snmp'
>
>
> cache:/# squid -d 3 -F -N -X
>
> 2007/10/20 10:30:19| Processing: 'icp_access allow all'
> 2007/10/20 10:30:19| parse_line: icp_access allow all
> 2007/10/20 10:30:19| aclParseAccessLine: looking for ACL name 'all'
> 2007/10/20 10:30:19| Processing: 'http_port 8080 transparent tproxy'
> 2007/10/20 10:30:19| parse_line: http_port 8080 transparent tproxy
> FATAL: Bungled squid.conf line 925: http_port 8080 transparent tproxy
> Squid Cache (Version 2.6.STABLE16-20071017): Terminated abnormally.
>
> This is how my Squid is configured:
>
> cache:/# cat /etc/squid/squid.conf
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> acl all src 0.0.0.0/0.0.0.0
> acl minha_rede src 201.30.200.0/255.255.255.128
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow minha_rede
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all
> icp_access allow all
> http_port 8080 transparent tproxy
> hierarchy_stoplist cgi-bin ?
> cache_mem 256 MB
> maximum_object_size_in_memory 512 KB
> memory_replacement_policy lru
> cache_replacement_policy lru
> cache_dir ufs /var/cache/squid/squid1 10000 16 256
> cache_dir ufs /var/cache/squid/squid2 10000 16 256
> cache_dir ufs /var/cache/squid/squid3 10000 16 256
> cache_swap_low 90
> cache_swap_high 95
> access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> logfile_rotate 10
> mime_table /etc/squid/mime.conf
> pid_filename /var/logs/squid.pid
> client_netmask 255.255.255.255
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> request_header_max_size 20 KB
> reply_header_max_size 20 KB
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mgr rodrigofsantos at gmail.com
> cache_effective_user proxy
> snmp_port 3401
> snmp_access deny all
> error_directory /var/cache/squid/errors/Portuguese
> hosts_file /etc/hosts
> forwarded_for on
> coredump_dir /usr/local/squid//var/cache
>
> Please, I need a lot of help from you all.
> May God bless you all.
> --
> ----------------------------------------------------
> (o_ Rodrigo Ferreira Santos
> //\ Gerente de TI
> V_/_ ICQ - 15372370
> aMSN - rodrigofsantos at gmail.com
> Linux user number 372852
> ----------------------------------------------------
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>
>
--
Regards,
Arun S.