[tproxy] Latest tproxy patch for kernel, iptables and squid

Balazs Scheidler bazsi at balabit.hu
Wed Dec 3 18:49:11 CET 2008

On Thu, 2008-11-27 at 14:24 -0300, Eduardo Schoedler wrote:
> Hi list.
> I'm installing a box with linux with squid and I'm a little bit confuse.
> First of all, sorry my bad english... I'm brazilian. =)

You don't need to excuse yourself, I'm Hungarian, so I'm not a native
English speaker either. My Portugese is way worse than my English (read:
I couldn't speak a word).

> I need to now where I can found the latest version for:
> - kernel 2.6.27 (or can I use kernel 2.8.x ?);
> - iptables 1.4.2;
> - squid.

The first submission of tproxy is going into 2.6.28, which is at rc7
right now, so is not released yet.

There were some fixes, related to UDP proxying, but I guess you don't
need those if you only want to use squid. Those fixes are queued for

The tproxy bits were integrated in iptables after 1.4.2, so you'll need
iptables 1.4.3-rc1.

Last I've heard, tproxy support was added to Squid3, checking out the
changelog shows that squid already has support for it

> I have some questions:
> - Which kernel is better to use in a production box? 2.6.27 or 2.6.28 ?

Well, 2.6.28 is not yet released, although it is at rc7, so it should be
released in a week or two. Distributions probably will not pick that
till next year, so you need to compile your kernel manually.

If you want to stick to the earlier kernel, you'd have to backport
tproxy yourself, as the last out-of-tree release of tproxy was against
2.6.26. (http://people.netfilter.org/hidden)

> - Which squid is better to use in a production box? 2.7 or 3.0 ?

I don't know, since I don't use squid.

> - Where I can found a documentation to install and configure tproxy patches
> ?

There's a documentation file on tproxy in the Documentation subdirectory
of the kernel.


More information about the tproxy mailing list