[tproxy] Tproxy and squid

Herlon Alcantara Matos herlon at lcimt.com.br
Thu Feb 14 20:33:57 CET 2008

Try putting in your squid.conf:
http_port transparent tproxy

  ----- Original Message ----- 
  From: Brian Møller 
  To: tproxy at lists.balabit.hu 
  Sent: Thursday, February 14, 2008 2:59 PM
  Subject: [tproxy] Tproxy and squid

  Hello there 

  I'm in the process of setting up a filtering bridge for my work. I want to use Squid via the url_redirect option to do the filtering. I want to see the source IP of the clients on the web servers because of some logging issues, and because the clients come from different subnets and things like that which I can't do anything about. 

  I'm a little confused about which versions of tproxy / cttproxy I should use. 
  From what I can read, Squid doesn't support tproxy4, so I have to use cttproxy. Am I correct in that assumption? 

  If I am, I have a question: 
  I have compiled my kernel (2.6.20) with this patch-set: http://www.balabit.com/downloads/files/tproxy/obsolete/linux-2.6/cttproxy-2.6.20-2.0.6.tar.gz 
  And also IPTables 1.3.8 with the same patch-set 

  After that I compiled squid-2.6.STABLE18 with --enable-linux-tproxy, after copying one or two .h files to the right directory. 
  My squid.conf can be seen at the bottom of this email. 

  The bridge is working, traffic is flowing as it should, and the traffic is redirected nicely after running this command: 
  /usr/local/sbin/iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 

  But now it is the IP of the proxy that ends up in the logs of the web servers. 

  Have I missed something or might there be 


  access_log /var/log/squid/access.log squid 
  acl CONNECT method CONNECT 
  acl QUERY urlpath_regex cgi-bin \? 
  acl SSL_ports port 443 
  acl Safe_ports port 1025-65535  # unregistered ports 
  acl Safe_ports port 21          # ftp 
  acl Safe_ports port 210         # wais 
  acl Safe_ports port 280         # http-mgmt 
  acl Safe_ports port 443         # https 
  acl Safe_ports port 488         # gss-http 
  acl Safe_ports port 591         # filemaker 
  acl Safe_ports port 70          # gopher 
  acl Safe_ports port 777         # multiling http 
  acl Safe_ports port 80          # http 
  acl all src 
  acl apache rep_header Server ^Apache 
  acl localhost src 
  acl manager proto cache_object 
  acl our_networks src 
  acl to_localhost dst 
  broken_vary_encoding allow apache 
  cache deny QUERY 
  cache_dir null /null 
  cache_log /var/log/squid/cache.log 
  cache_mem 256 MB 
  cache_store_log none 
  coredump_dir /var/log/squid/cache 
  forwarded_for off 
  hierarchy_stoplist cgi-bin ? 
  http_access allow manager localhost 
  http_access allow our_networks 
  http_access deny !Safe_ports 
  http_access deny CONNECT !SSL_ports 
  http_access deny all 
  http_access deny manager 
  http_port 3128 transparent tproxy 
  icp_access allow all 
  logfile_rotate 10 
  refresh_pattern .               0       20%     4320 
  refresh_pattern ^ftp:           1440    20%     10080 
  refresh_pattern ^gopher:        1440    0%      1440 
  url_rewrite_children 30 
  url_rewrite_program /usr/bin/squidGuard 
  via off

