[tproxy] TPROXY but without bridging?
Ming-Ching Tiew
mingching.tiew at redtone.com
Wed Apr 2 16:43:15 CEST 2008
admin at abp.pl wrote:
>> Laszlo Attila Toth said that the problem is with the squid patch.
>>
>> So now we need to ask who is able to fix the tproxy-4.1 patch for squid 2.6?
>> I'm right, aren't I?
>>
>>
>>
I have included my version of the squid-2.6 patch. It is not
meant to be THE patch; use at your own risk, as I have no
intention of supporting or maintaining it.
Since I did not patch the autoconfigure, you would
need to configure it this way (for example):
    ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h=yes \
    ac_cv_header_sys_capability_h=yes ./configure \
        --enable-linux-tproxy \
        --enable-linux-netfilter \
        ......
>
> I don't want to have next server between routers. I'm fighting with DoS
> attacks (viruses, etc.) and I'm afraid that processor on squid machine
> may not handle thousands of interrupts generated during attacks.
>
> Better for me is standalone and more resistant server.
>
> On my router0 during "attack" on top I have sometimes over 80-90% of
> ksoftirqd/0 (I have Intel pci-e 82572EI and 82573V cards).
>
There is a good chance to use tproxy without a bridge, but there is an
additional route table needed on router0 - to handle the return path -
at least! You did not show us that you have handled this return path
routing on router0 - in your previous posts.
Cheers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid-2.6-tproxy-4.1.0.diff
Type: text/x-diff
Size: 3526 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20080402/1abadf4d/attachment.diff