If you're trying to specify a port, you must use '-p tcp' to tell iptables which protocol you're referring to. So you will want a rule similar to the following: iptables -t tproxy -A PREROUTING -p tcp -j TPROXY --on-port 3128 Steven > -----Original Message----- > From: chima s [mailto:chima.s@xxxxxxxxx] > Sent: Saturday, 3 June 2006 4:33 PM > To: Steven Wilton > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Transparent proxy with tproxy > > Hi, > > What will be rule to redirect the port 80 traffic to sqiud > with tproxy table. > > I am using kernel-2.6.10 and iptables 1.3.3 and patched bith the > kernel and iptables utility, but still i am getting error if i apply > the rule > > iptables -t tproxy -A PREROUTING -j TPROXY --on-port 3128 > Unknown arg `--on-port' > > iptables -t nat -A PREROUTING -j DNAT --to-dest 172.16.8.5 > --to-port 3128 > Unknown arg `--to-port' > > Regards > Chima > > On 6/2/06, Steven Wilton <swilton@xxxxxxxxxxxx> wrote: > > The TPROXY_ASSIGN message is indicating that squid has > asked the kernel to > > assign the client's ip address to the server-side > connection, and the kernel > > has returned an error. The kernel needs to be patched with > the kernel-side > > tproxy patch, otherwise this will always fail. Iptables > must also be > > patched to support tproxy, and you must use the TPROXY > iptables target, and > > "-t tproxy" (instead of the REDIRECT with "-t nat"). > > > > These patches can be found at > http://www.balabit.com/downloads/tproxy/ > > > > These errors are not fatal, they just indicate that squid > is not spoofing > > the client's ip address. > > > > Regards > > > > Steven > > > > > -----Original Message----- > > > From: chima s [mailto:chima.s@xxxxxxxxx] > > > Sent: Thursday, 1 June 2006 6:02 PM > > > To: squid-users@xxxxxxxxxxxxxxx > > > Subject: Transparent proxy with tproxy > > > > > > Hi, > > > > > > I have configured transparent proxy wit tproxy,iptables. I have 2 > > > problems in this setup > > > > > > First one is, i am getting the following msg in the cache log > > > > > > tproxy ip=192.168.5.1,0x18a0b1ca,port=0 ERROR ASSIGN > > > > > > can anybody encountered this error msg and what is the > meaning of this > > > error msg and when it will come, > > > > > > > > > Second issue is after enabling the cache for 2 mins > browsing is very > > > solw some times the page is not opening and after 2 mins > browsing is > > > normal. > > > > > > Is it anything to do with cache or ip_conntrack? > > > > > > Thanks and Regards > > > Chima > > > > > > -- > > > No virus found in this incoming message. > > > Checked by AVG Free Edition. > > > Version: 7.1.394 / Virus Database: 268.8.0/353 - Release > > > Date: 31/05/2006 > > > > > > > > > > -- > > No virus found in this outgoing message. > > Checked by AVG Free Edition. > > Version: 7.1.394 / Virus Database: 268.8.1/354 - Release > Date: 1/06/2006 > > > > > > > > -- > No virus found in this incoming message. > Checked by AVG Free Edition. > Version: 7.1.394 / Virus Database: 268.8.2/356 - Release > Date: 5/06/2006 > > -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.8.2/356 - Release Date: 5/06/2006
