[tproxy] TPROXY but without bridging?

Ming-Ching Tiew mingching.tiew at redtone.com
Wed Apr 2 16:43:15 CEST 2008

admin at abp.pl wrote:
>> Laszlo Attila Toth told that problem is with squid patch.
>> So now we need to ask who is able to fix tproxy-4.1 patch to squid 2.6?
>> I'm right, am I?

I have included my version of the squid-2.6 patch. It is not
meant to be THE patch; use at your own risk, as I have no
intention to support nor maintaining it.

Since I did not patch the autoconfigure, you would
need to configure it using this way ( for example ) :-

        ac_cv_header_linux_netfilter_ipv4_ip_tproxy_h=yes \
        ac_cv_header_sys_capability_h=yes ./configure \
        --enable-linux-tproxy \
        --enable-linux-netfilter \
> I don't want to have next server between routers. I'm fighting wth DoS
> attacks (viruses, ect..) and I'm afraid that processor on squid machine
> may not handle thousands interupts generated during attacks.
> Beter for me is standalone and more resistant server.
> On my router0 during "attack" on top I have sometimes over 80-90% of
> ksoftirqd/0 (I have Intel pci-e 82572EI and 82573V cards).
There is a good chance to use tproxy without a bridge, but there is 
addional route
table needed on router0 - to handle the return path - at least ! You did 
not show us
that you have handled this return path routing on router0 - in your 
previous posts.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid-2.6-tproxy-4.1.0.diff
Type: text/x-diff
Size: 3526 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/tproxy/attachments/20080402/1abadf4d/attachment.diff 

More information about the tproxy mailing list