Re: Problems with Transparent Proxy using IPTables, Squid and 2.6 kernel

[Peter Schobel <pschobel@xxxxxxxxxxxxx>]

Dec 24, 2003: patch-o-matic 20031219 (for kernel >= 2.4.18, including 
2.4.23)
Please note that this release still does not yet support the 
just-released 2.6.0 kernel.
Expect a so-called 'patch-o-matic-ng' release for 2.6.x support in the 
next couple of weeks.

Does this mean that iptables will not work with 2.6 kernel? This seems 
unlikely to me - I think i'm understanding it incorrectly - please 
clarify

Peter Schobel
~

On Thursday, January 8, 2004, at 12:35  PM, Antony Stone wrote:

> On Thursday 08 January 2004 5:28 pm, Peter Schobel wrote:
>
> > On Thursday, January 8, 2004, at 12:02  PM, Antony Stone wrote:
> > > On Thursday 08 January 2004 4:56 pm, Peter Schobel wrote:
> > > > I have a server that was running a transparent redirection proxy - i
> > > > was using 2.4.20 kernel on this system and i recently upgraded to
> > > > 2.6.0.107 kernel package for redhat 9
> > > >
> > > > Ever since i did the kernel upgrade the proxy does not work 
> > > > correctly.
> > >
> > > Have you recompiled the userspace iptables to match the new 
> > > kernelspace
> > > netfilter?
> >
> > No, I hadn't considered this. - I am using an rpm package
> > iptables-1.2.7a-2 - do you think this could be the problem?
>
> Yes, I do.   The kernelspace netfilter and the userspace iptables must 
> match
> in order for the two to work together.
>
> > > Does Squid seem to work correctly as a proxy if you configure your
> > > client
> > > browser to use it specifically, rather than doing it transparently?
> >
> > yes it works perfectly on port 80 as well as on port 3128 so the
> > redirection seems to be working - but the transparency does not
>
> That quite satisfactorily demonstrates that networking and Squid are 
> not the
> problem then, so it's definitely netfilter/iptables.
>
> Just recompile iptables with your new kernel (and its associated 
> header files)
> installed, and you should be back to normal.
>
> Antony.
>
> --
> The idea that Bill Gates appeared like a knight in shining armour to 
> lead all
> customers out of a mire of technological chaos neatly ignores the fact 
> that
> it was he who, by peddling second-rate technology, led them into it in 
> the
> first place.
>
>  - Douglas Adams in The Guardian, 25th August 1995
>
>                                                      Please reply to 
> the list;
>                                                            please 
> don't CC me.
*****************************
Peter Schobel
Network Administrator
Porchlight.ca
Unlimited Internet
*****************************
In a world without walls or fences
We will have no need for gates or windows
*****************************