[tproxy] SQUID 3.1 and TPROXY
Laszlo Attila Toth
panther at balabit.hu
Wed May 21 13:28:59 CEST 2008
It seems that the kernel doesn't support IP_TRANSPARENT socket option.
But if you use the tproxy 4.1 patch, it can't happen. ( ?? )
> Hi Laszlo!
> Just a little question, regarding the partly working TPROXY in SQUID 3.1 (Surely you have seen my post in squid-dev with my results),
> do you think that the following is solely SQUID problem, or it might be TPROXY problem?
> 2008/05/20 21:25:47| IPInterception.cc(169) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
> 2008/05/20 21:25:53| commBind: Cannot bind socket FD 35 to 192.168.1.177:3976: (98) Address already in use
> 2008/05/20 21:25:53| comm.cc(994) commResetFD: bind: (98) Address already in use
> 2008/05/20 21:25:59| commBind: Cannot bind socket FD 31 to 192.168.1.177:3977: (98) Address already in use
> 2008/05/20 21:25:59| comm.cc(994) commResetFD: bind: (98) Address already in use
> On Friday 16 May 2008 14:07, Laszlo Attila Toth wrote:
>> Anton wrote:
>>> Dear Laszlo,
>>> Just a little confulsed with your statement (below) on
>>> the squid 3.1 wiki - does that mean that TPROXY in 3.1
>>> is non usable yet?
>>> --- from squid wiki - Feature: TPROXY Update
>>> "It is not yet finished, the squid proxy doesn't bind
>>> to the client's address. Furthermore I think it would
>>> be better to have a different option for this, and
>>> "tproxy" wouldn't imply this."
>> When I wrote this email, I tried to create a patch for
>> squid-2.6-STABLE18 with the mentioned results, also it is
>> still not (fully) working.
>> But Squid-3.1 is works well with TProxy 4.1 and this code
>> is part of the official squid-3.1 code.
More information about the tproxy