[tproxy] tproxy + squid 3 + kernel 2.6.25 + iptables 1.4.0

Nataniel Klug nata at cnett.com.br
Thu Jun 19 18:15:24 CEST 2008 

People,

With this advice from Anton I have made some changes. As I could not 
find Squid-3.1 I used Squid-3HEAD and, for my surprise, using 
--enable-linux-netfilter it enables "transparent tproxy" feature.

I will try to make this new compilation using kernel-2.6.25 becouse my 
test was using 2.6.24.7 (as Anton said).

Hope for this all to function...

Anton escreveu:
> Nataniel, look more carefully at your setup, and I advice to 
> use 2.6.24 kernel (2.6.25 TPROXY (no blame at the TPROXY 
> patch - since plain 2.6.25 may hang to - just not tried!) 
> patched was silently hanging on the same PC after 1-3 hours 
> of working) - I've got it working with squid 3.1 and 
> iptables 1.4.x - though list time I tryed there was some 
> issues, which supposely fixed in the latest TPROXY patch to 
> 2.6.24 kernel - but definitelly everything compiles and 
> works, specificially in the very light load.
>
>
> On Thursday 19 June 2008 17:28, Nataniel Klug wrote:
>   
>> No luck using tproxy4.
>>
>> Nataniel Klug escreveu:
>>     
>>> Laszlo,
>>>
>>> Nope... Same error as before. I have a file named
>>> xt_TPROXY that was compiled with kernel but I this the
>>> software is not reading it. I will try with tproxy4
>>> option again.
>>>
>>> [root at cache sbin]# ./squid -D
>>> FATAL: Bungled squid.conf line 1: http_port 3128
>>> transparent tproxy Squid Cache (Version 3.0.STABLE6):
>>> Terminated abnormally. CPU Usage: 0.004 seconds = 0.003
>>> user + 0.001 sys Maximum Resident Size: 0 KB
>>> Page faults with physical i/o: 0
>>>
>>> [root at cache sbin]# vi ../etc/squid.conf
>>>
>>> [root at cache sbin]# ./squid -D
>>> FATAL: Bungled squid.conf line 1: http_port 3128 tproxy
>>> Squid Cache (Version 3.0.STABLE6): Terminated
>>> abnormally. CPU Usage: 0.005 seconds = 0.002 user +
>>> 0.003 sys Maximum Resident Size: 0 KB
>>> Page faults with physical i/o: 0
>>>
>>> Laszlo Attila Toth escreveu:
>>>       
>>>> Nataniel Klug wrote:
>>>>         
>>>>>     Laszlo,
>>>>>
>>>>>     No use. I compiled with this options:
>>>>> -----------------------------------------------------
>>>>> ------------------- make clean
>>>>> ./configure --enable-storeio=aufs,diskd,ufs
>>>>> --enable-removal-policies=heap,lru
>>>>> --enable-delay-pools --enable-snmp
>>>>> --enable-default-err-language=Portuguese
>>>>> --enable-poll --enable-netfilter --with-pthreads
>>>>> --with-filedescriptors=16384
>>>>>           
>>>> Hm, sorry, but I always miss this option, correctly
>>>> this is: --enable-linux-netfilter. Could you try with
>>>> it? ^^^^^^^
>>>>
>>>> I hope this is enough for a working configuration. I
>>>> tested with enabling nefilter and nothing else...
>>>>         
>
>   

-- 
Att,

NATANIEL KLUG
nata at cnett.com.br

LEIA O DIA-A-DIA DO NATA
http://nataklug.blogspot.com/

Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290

"... tambe'm os sa'bios possuem corac,a~o tangi'vel e podem, por vezes, usar da cie^ncia como meio de demonstrar impresso~es sentimentais de que muitos na~o os julgam susceti'veis."
Visconde de Taunay

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20080619/d5480b33/attachment.htm

More information about the tproxy mailing list