[tproxy] tproxy + squid 3 + kernel 2.6.25 + iptables 1.4.0

Anton anton.vazir at gmail.com
Thu Jun 19 14:41:21 CEST 2008 

Nataniel, look more carefully at your setup, and I advice to 
use 2.6.24 kernel (2.6.25 TPROXY (no blame at the TPROXY 
patch - since plain 2.6.25 may hang to - just not tried!) 
patched was silently hanging on the same PC after 1-3 hours 
of working) - I've got it working with squid 3.1 and 
iptables 1.4.x - though list time I tryed there was some 
issues, which supposely fixed in the latest TPROXY patch to 
2.6.24 kernel - but definitelly everything compiles and 
works, specificially in the very light load.


On Thursday 19 June 2008 17:28, Nataniel Klug wrote:
> No luck using tproxy4.
>
> Nataniel Klug escreveu:
> > Laszlo,
> >
> > Nope... Same error as before. I have a file named
> > xt_TPROXY that was compiled with kernel but I this the
> > software is not reading it. I will try with tproxy4
> > option again.
> >
> > [root at cache sbin]# ./squid -D
> > FATAL: Bungled squid.conf line 1: http_port 3128
> > transparent tproxy Squid Cache (Version 3.0.STABLE6):
> > Terminated abnormally. CPU Usage: 0.004 seconds = 0.003
> > user + 0.001 sys Maximum Resident Size: 0 KB
> > Page faults with physical i/o: 0
> >
> > [root at cache sbin]# vi ../etc/squid.conf
> >
> > [root at cache sbin]# ./squid -D
> > FATAL: Bungled squid.conf line 1: http_port 3128 tproxy
> > Squid Cache (Version 3.0.STABLE6): Terminated
> > abnormally. CPU Usage: 0.005 seconds = 0.002 user +
> > 0.003 sys Maximum Resident Size: 0 KB
> > Page faults with physical i/o: 0
> >
> > Laszlo Attila Toth escreveu:
> >> Nataniel Klug wrote:
> >>>     Laszlo,
> >>>
> >>>     No use. I compiled with this options:
> >>> -----------------------------------------------------
> >>>------------------- make clean
> >>> ./configure --enable-storeio=aufs,diskd,ufs
> >>> --enable-removal-policies=heap,lru
> >>> --enable-delay-pools --enable-snmp
> >>> --enable-default-err-language=Portuguese
> >>> --enable-poll --enable-netfilter --with-pthreads
> >>> --with-filedescriptors=16384
> >>
> >> Hm, sorry, but I always miss this option, correctly
> >> this is: --enable-linux-netfilter. Could you try with
> >> it? ^^^^^^^
> >>
> >> I hope this is enough for a working configuration. I
> >> tested with enabling nefilter and nothing else...

More information about the tproxy mailing list