[tproxy] Squid with TProxy Support

Firas Rasmy firasrasmy at yahoo.com
Mon Jul 1 20:37:35 CEST 2013


Hello there!

I'm trying to install squid with TPROXY support. I'm using CentOS 6.4 (64-bit) with kernel version 2.6.32-358.el6.x86_64 and iptables version 4.1.7.

I've followed the instructions in http://wiki.squid-cache.org/Features/Tproxy4 but unfortunately connecting to any website from a client with the Chrome browser fails with this error:

Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.


When trying to telnet to squid on port 80, I get a connection, but the connection is closed once I hit any key! I think packets are being redirected to squid successfully because if I stop squid, there would be no connections at all. Do you have any idea of what might be the reason?

Another question, I have checked that my current kernel was already built with those options:
NF_CONNTRACK=m
NETFILTER_TPROXY=m
NETFILTER_XT_MATCH_SOCKET=m
NETFILTER_XT_TARGET_TPROXY=m

Do I still have to recompile it with patches from http://www.balabit.com/downloads/files/tproxy/?
There are no patches available for this current version. What about iptables? Do I need to patch it?


My last question is: the TPROXY target in the mangle table is not supposed to change anything in the packet header, so how would packets with the TPROXY target be redirected to --on-port if the IP header is untouched?!


Thanks a lot for your help!

Best regards,
Firas