Sorry Sunil for my late reply (I have problems with my internet provider).

Of course I haven't been able to implement Tproxy. I'm using only sources since the start and it all looks like it compiles OK.

This is my procedure:

- I patch kernel 2.6.15.2 vanilla with balabit patch from cttproxy-2.6.15-2.0.4.tar.gz
- modify my kernel adding TPROXY support.
- compiled & etc etc etc
- patch iptables sources 1.3.4, make KERNEL_DIR=... && make install KERNEL_DIR=...
- On squid-2.6STABLE2... "./configure --enable-linux-tproxy --enable-linux-netfilter && make all && make install" (if you have problems in this step, copy <kernel_dir>/include/linux/netfilter_ipv4/ into your /usr/include/linux/netfilter_ipv4/ )

When I try to run squid in tproxy mode... Meeeak! Error port assign 0!

I think I'm dreaming about this error every night xD; the error looks like it's not able to spoof clients.

Can someone help us with this stuff?

On Wed, 16-08-2006 at 21:32 +0100, Sunil K.P. wrote:
> Hi Angel,
>
> Have you been able to implement Tproxy successfully?
>
> Regards
> Sunil
>
> Angel Mieres wrote:
> > Sunil, I'm trying to do the same that you are trying, I patched iptables
> > 1.3.5 & 1.3.4 and the problem persists.
> >
> > Tino, have you got this working successfully? Could you tell me which versions
> > you used? (I mean iptables, patch applied, kernel used, tproxy patch used...)
> >
> > I'm using kernel 2.6.15.2 with balabit tproxy patch, iptables 1.3.5 and
> > squid 2.6 STABLE2, and squid debug mode always shows me the same as it shows
> > Sunil.
> >
> > I think that my problem is with the iptables version and its patch.
> >
> > Regards,
> > Angel M.
> >
> >
> >> Your iptables patch is not complete
> >> fc5 uses iptables rpm source, you need iptables from tar.gz/bz source
> >> - uninstall the iptables rpm,
> >> - download tar.gz/bz source from netfilter.org
> >> - patch it with iptables-1.3-cttproxy.diff before ./configure
> >>
> >>
> >> rgds,
> >> Tino
> >>
> >> ----- Original Message -----
> >> From: "Sunil K.P." <sunil@xxxxxxxxxxx>
> >> To: <squid-users@xxxxxxxxxxxxxxx>
> >> Sent: Friday, August 11, 2006 4:33 PM
> >> Subject: Squid -2.6 with Tproxy
> >>
> >>
> >>
> >>> Hi,
> >>>
> >>> I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
> >>> It is working fine in transparent mode.
> >>>
> >>> But I am trying to use Tproxy so that all the requests will be spoofed to
> >>> show the clients IP address and not the cache server.
> >>> The patches have been applied to the kernel, compiled and applied as per
> >>> procedure.
> >>> After restarting the system the modules ipt_tproxy and ipt_TPROXY are
> >>> loaded.
> >>>
> >>> The problem starts when I apply the following iptables rule
> >>> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
> >>> TPROXY --on-port 3128
> >>>
> >>> The traffic stops going thru the cache server. If the rule is removed
> >>> the traffic goes smoothly.
> >>> Cache.log shows the following error
> >>> tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
> >>>
> >>> There seems to be no proper documentation for implementation of tproxy
> >>> with squid on the net.
> >>> Pls. advise.
> >>>
> >>> Regards
> >>> Sunil
> >>>
>

--
Angel Mieres - amieres@xxxxxxxxxxxxxxxxxx
/////////////////////////////////////////
Gentoo has you...