[tproxy] Squid with tproxy extra brief FAQ
Laszlo Attila Toth
panther at balabit.hu
Mon Feb 25 10:26:30 CET 2008
Hello,
thanks for this FAQ.
Some additional comments:
Ming-Ching Tiew wrote:
> 1. There are at least 3 different versions of tproxy kernel patches.
>
> Each tproxy kernel patch is quite strongly tied to a kernel version,
>
> tproxy2 - kernel 2.6.18 - don't know where it is now,
> google for it.
The url is:
http://www.balabit.hu/downloads/files/tproxy/obsolete/
>
> tproxy-4.0.x - kernel 2.6.22 - balabit website
http://www.balabit.hu/downloads/files/tproxy/
>
> tproxy-4.1.0 - kernel 2.6.25 - netfilter website or balabit website
AFAIK the "official website" is for kernel <=2.6.24
http://people.netfilter.org/hidden/tproxy
but the actual version of tproxy 4.1 for 2.6.25 is here:
http://people.balabit.hu/panther/tproxy
>
> The kernel patch might work with nearby kernel versions, for example,
> tproxy2 might work with kernel 2.6.19; however it will not work
> will kernel 2.6.22 ( unless you port it ).
>
>
> 3. All the tproxy kernel patches are not compatible with one another.
> Each requires it's own way of setup and usage. So before doing
> anything, check if you have gotten the correct info/tproxy version/patches.
>
> These are some of the info :-
>
> tproxy2 - Requires additional patch to get SNAT working
> Don't seem to have problem with bridge
>
> tproxy4.0.x - Requires additional patches for SNAT and FWMARK.
> Some hurdles with bridge.
>
> tproxy4.1.0 - Still in the cooking.
> Some hurdles with bridge.
>
Currently the latter version is under testing in bridge environment
(when I have enough time for it), but I have no idea yet why it is not
working.
--
Panther
More information about the tproxy
mailing list