[tproxy] Squid with tproxy extra brief FAQ
Ming-Ching Tiew
mingching.tiew at redtone.com
Fri Feb 22 02:18:18 CET 2008
1. There are at least 3 different versions of tproxy kernel patches.
Each tproxy kernel patch is quite strongly tied to a kernel version,
tproxy2 - kernel 2.6.18 - don't know where it is now,
google for it.
tproxy-4.0.x - kernel 2.6.22 - balabit website
tproxy-4.1.0 - kernel 2.6.25 - netfilter website or balabit website
The kernel patch might work with nearby kernel versions, for example,
tproxy2 might work with kernel 2.6.19; however it will not work
will kernel 2.6.22 ( unless you port it ).
2. So far Squid ( 3.0 and 2.6 ) is only supporting on tproxy2.
If you managed to compile Squid without changing the source,
meaning you are likely either did not successfully link in tproxy
support or at best it is using tproxy2.
However, if you patch the squid source, you should be able
to get squid to work with tproxy-4.0.x and tproxy-4.1.0.
You can look through the archive of this maillist to look at how
to port squid versions to support tproxy-4.0.x and tproxy-4.1.0.
Most of the patches floating around are not entirely satisfactory,
but it could work, at least !
There is no one-stop-shop for getting tproxy-4.0.x and tproxy-4.1.0
working right now.
3. All the tproxy kernel patches are not compatible with one another.
Each requires it's own way of setup and usage. So before doing
anything, check if you have gotten the correct info/tproxy version/patches.
These are some of the info :-
tproxy2 - Requires additional patch to get SNAT working
Don't seem to have problem with bridge
tproxy4.0.x - Requires additional patches for SNAT and FWMARK.
Some hurdles with bridge.
tproxy4.1.0 - Still in the cooking.
Some hurdles with bridge.
More information about the tproxy
mailing list