[tproxy] tproxy + squid 3 + kernel 2.6.25 + iptables 1.4.0
Laszlo Attila Toth
panther at balabit.hu
Fri Jun 20 10:36:24 CEST 2008
Hi,
Nataniel Klug wrote:
> People,
>
> With this advice from Anton I have made some changes. As I could not
> find Squid-3.1 I used Squid-3HEAD and, for my surprise, using
> --enable-linux-netfilter it enables "transparent tproxy" feature.
Squid-3 head is also called as Squid-3.1. I don't know the exact
versioning of squid.
>
> I will try to make this new compilation using kernel-2.6.25 becouse my
> test was using 2.6.24.7 (as Anton said).
I will forward port of the kernel patches to 2.6.25 and 2.6.26 and test
when I'll have time for it. But first I have to eliminate a problem
related to the tproxy that it doesn't work if the interface is in bridge
mode (br0, etc). This issue occurs on each versions of tproxy4 (4.0 and
4.1). The 4.0 branch is used internally in our product but my assumption
is that when I fix the 4.0, I can find a solution for 4.1, too. Now I
have no idea why it goes wrong with a bridge: TPROXY target (and
iptables/netfilter) doesn't receive any packets.
--
Panther
More information about the tproxy
mailing list