[tproxy] Latest tproxy patch for kernel, iptables and squid

Balazs Scheidler bazsi at balabit.hu
Thu Dec 4 12:02:44 CET 2008


On Wed, 2008-12-03 at 23:16 -0300, Eduardo Schoedler wrote:
> Hello Balazs!
> 
> I've compiled kernel-2.6.26-7 and applied the patch in the site.
> 
> # dmesg | grep TPROXY
> NF_TPROXY: Transparent proxy support initialized, version 4.1.0
> NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
> 
> For iptables, I've used the 1.4.0 sources... it's working ok, I guess. =)
> 
> But Squid is a little bit strange.
> I've compiled 3.HEAD (20081121), which has support for tproxy.
> 
> # ./configure  --prefix=/opt/squid \
>  --sysconfdir=/etc/squid \
>  --with-default-user=squid \
>  --enable-icmp \
>  --disable-auth \
>  --enable-removal-policies="lru,heap" \
>  --disable-digest-auth-helpers \
>  --disable-basic-auth-helpers \
>  --disable-external-acl-helpers \
>  --disable-ntlm-auth-helpers \
>  --disable-negotiate-auth-helpers \
>  --enable-useragent-log \
>  --enable-cache-digests \
>  --enable-delay-pools \
>  --enable-referer-log \
>  --enable-arp-acl \
>  --with-large-files \
>  --with-filedescriptors=16384 \
>  --enable-storeio=ufs,diskd,aufs \
>  --enable-linux-netfilter
> 
> My squid.conf (like the tproxy readme):
>    http_port 50080 tproxy transparent
> 
> The strange thing is when I'm trying to create swap directories. See:
> 
> # ./squid -z
> 2008/12/03 23:07:10| http(s)_port: TPROXY option requires its own 
> interception port. It cannot be shared.
> FATAL: Bungled squid.conf line 992: http_port 50080 tproxy transparent
> Squid Cache (Version 3.HEAD-20081121): Terminated abnormally.
> CPU Usage: 0.004 seconds = 0.000 user + 0.004 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> 
> I don't understand the reason for this problem.
> No process is using that port.
> 
> What can I do?
> 
> Thanks!

Well, since I haven't used squid myself, you should ask this question on
the squid mailing list.

The only relevant info I've found is:

http://wiki.squid-cache.org/Features/Tproxy4

This says that you need to use:
http_port 3129 tproxy

But judging by the error message above, it says that you are using port
50080 for other purposes in the same squid.conf.

Try to dedicate a port for tproxy.

-- 
Bazsi
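
A configuration check for the advice above, as an added example that is not part of the original message or of Squid: it reports every tproxy http_port line that carries a second mode flag or whose port number is declared on another line. Treating these two conditions as what the error text means by a "shared" port is an assumption; the function names and sample configurations are constructed.

```python
from collections import defaultdict

# Flags that select a traffic-handling mode for a Squid listening port.
MODE_FLAGS = {"tproxy", "transparent", "intercept", "accel"}

# Constructed sample configurations (not taken from a real deployment).
GOOD = "http_port 3128\nhttp_port 3129 tproxy\n"
COMBINED = "http_port 3128\nhttp_port 50080 tproxy transparent\n"
REUSED = "http_port 50080  # forward proxy\nhttp_port 50080 tproxy\n"

def parse_ports(conf_text):
    """Return (line_no, port, mode_flags) for each http_port/https_port line."""
    entries = []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 2 or tokens[0] not in ("http_port", "https_port"):
            continue
        # Accepts "3129", "192.0.2.1:3129" and "[::1]:3129".
        port = tokens[1].rsplit(":", 1)[-1]
        entries.append((line_no, port, MODE_FLAGS.intersection(tokens[2:])))
    return entries

def tproxy_findings(conf_text):
    """List (line_no, message) for tproxy ports that are not dedicated."""
    entries = parse_ports(conf_text)
    lines_by_port = defaultdict(list)
    for line_no, port, _ in entries:
        lines_by_port[port].append(line_no)
    findings = []
    for line_no, port, flags in entries:
        if "tproxy" not in flags:
            continue
        extra = sorted(flags - {"tproxy"})
        if extra:
            findings.append((line_no, f"port {port}: tproxy combined with {', '.join(extra)}"))
        others = [n for n in lines_by_port[port] if n != line_no]
        if others:
            findings.append((line_no, f"port {port}: also declared on line {others}"))
    return findings

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("COMBINED", COMBINED), ("REUSED", REUSED)):
        print(name, tproxy_findings(conf) or "ok")
```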



