[tproxy] I wonder missing ip_tproxy.h header file and tproxy

Sun May 6 23:07:42 CEST 2012

hello, i'm korean so im sorry my english text written

my environment is the latest Centos and network doing bridge.
my option is already setted by using information on internet

my problem is that squid 2.7 setting "--enable-linux-tproxy" causes below
warning..

---------------------------------------
---------------------------------------
checking if Linux (Netfilter) kernel header files are installed... no
WARNING: Cannot find necessary Linux kernel (Netfilter) header files
         Linux Transparent Proxy support WILL NOT be enabled
checking if TPROXY header files are installed... no
---------------------------------------
---------------------------------------

my wordering is that although tproxy is intergrated with latest kernel
source, there is not ip_tproxy.h
i have known that ip_tproxy.h was provided from obsolete kernel source
patch in "balabit.com"

but why do squid2.7 need ip_tproxy.h?
so, i downloaded ip_tproxy.h and compiled squid2.7 by using the ip_tproxy.h

and i setted option "http_port 3128 tproxy" in squid.conf.
after compiling and setting, the squid is running but the tproxy doesn't
work.

i setted iptables rules following below
---------------------------------------------------------------------
----------

setsebool squid_connect_any=1**

setsebool squid_use_tproxy=1

iptables -t mangle -N DIVERT

iptables -t mangle -A DIVERT -j MARK --set-mark 1

iptables -t mangle -A DIVERT -j ACCEPT

iptables  -t mangle -A PREROUTING -p tcp -m socket -j DIVERT

iptables  -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY
--tproxy-mark 0x1/0x1 --on-port 3128

---------------------------------------------------------------------
----------

i must use tproxy in squid 2.7 environment.
could you help me? please..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20120507/a5821b29/attachment.htm 