Re: Squid -2.6 with Tproxy


Have you tried my last hints?
I'm using FC4, then upgraded it to kernel 2.6.15.7 (did you use FC5? Then it could be some problem to downgrade from the original 2.6.16 to 2.6.15?) & patched with cttproxy-2.6.15-2.0.4.tar.gz

iptables-1.3.0.tar.bz2 from netfilter.org (first I was using 1.3.4 & 5, which were not working)

After patching with balabit iptables, ./configure & make

Make sure libipt_tproxy.so exists in /lib/iptables.

If it is not there, then you have to 'gcc' manually from the iptables source you
extracted; check inside the folder at <iptables source>/extensions/

regards,
Tino

----- Original Message -----
From: "Angel Mieres" <amieres@xxxxxxxxxxxxxxxxxx>
To: "Sunil K.P." <sunil@xxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Friday, August 18, 2006 7:08 PM
Subject: Re:  Squid -2.6 with Tproxy


Sorry Sunil for my late reply (I have problems with my internet
provider).

Of course I haven't been able to implement Tproxy. I've been using only
sources since the start and everything looks like it compiles OK.

This is my procedure:
- I patch kernel 2.6.15.2 vanilla with balabit patch from
cttproxy-2.6.15-2.0.4.tar.gz
- modify my kernel adding TPROXY support.
- compiled & etc etc etc
- patch iptables sources 1.3.4 , make KERNEL_DIR=... && make install
KERNEL_DIR=...
- On squid-2.6STABLE2...   "./configure --enable-linux-tproxy
--enable-linux-netfilter && make all && make install" (if in this step
you have problems copy <kernel_dir>/include/linux/netfilter_ipv4/ into
your /usr/include/linux/netfilter_ipv4/ )

When I try to run squid in tproxy mode... Meeeak! Error port assign 0!
I think I'm dreaming about this error every night xD; the error looks like
it's not able to spoof clients.

Can someone help us with this stuff?



On Wed, 16-08-2006 at 21:32 +0100, Sunil K.P. wrote:
Hi Angel,

Have you been able to implement Tproxy successfully?

Regards
Sunil

Angel Mieres wrote:
> Sunil, I'm trying to do the same thing you are trying. I patched iptables
> 1.3.5 & 1.3.4 and the problem persists.
>
> Tino, have you got this working successfully? Could you tell me which
> versions you used? (I mean iptables, patch applied, kernel used, tproxy
> patch used...)
>
> I'm using kernel 2.6.15.2 with the balabit tproxy patch, iptables 1.3.5 and
> squid 2.6 STABLE2, and squid debug mode always shows me the same as it
> shows Sunil.
>
> I think that my problem is in the iptables version and its patch.
>
> Regards,
> Angel M.
>
>
>> Your iptables patch is not complete.
>> FC5 uses the iptables rpm source; you need iptables from the tar.gz/bz source
>> - uninstall the iptables rpm,
>> - download tar.gz/bz source from netfilter.org
>> - patch it with iptables-1.3-cttproxy.diff  before ./configure
>>
>>
>> rgds,
>> Tino
>>
>> ----- Original Message -----
>> From: "Sunil K.P." <sunil@xxxxxxxxxxx>
>> To: <squid-users@xxxxxxxxxxxxxxx>
>> Sent: Friday, August 11, 2006 4:33 PM
>> Subject:  Squid -2.6 with Tproxy
>>
>>
>>
>>> Hi,
>>>
>>> I have squid 2.6 STABLE 2 running on FC 2.6.15.2.
>>> It is working fine in transparent mode.
>>>
>>> But I am trying to use Tproxy so that all the requests will be spoofed to
>>> show the client's IP address and not the cache server's.
>>> The patches have been applied to the kernel, compiled and applied as per
>>> procedure.
>>> After restarting the system the modules ipt_tproxy and ipt_TPROXY are
>>> loaded.
>>>
>>> The problem starts when I apply the following iptables rule
>>> iptables -t tproxy -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j
>>> TPROXY --on-port 3128
>>>
>>> The traffic stops going thru the cache server. If the rule is removed
>>> the traffic goes smoothly.
>>> Cache.log shows the following error
>>> tproxy ip=192.168.10.11,0x9eec383e,port=0 ERROR ASSIGN
>>>
>>> There seems to be no proper documentation for implementation of tproxy
>>> with squid on the net.
>>> Pls. advise.
>>>
>>> Regards
>>> Sunil
>>>

--
Angel Mieres - amieres@xxxxxxxxxxxxxxxxxx
///////////////////////////////////////// Gentoo has you...
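
The two prerequisites named in this thread (the ipt_tproxy and ipt_TPROXY kernel modules being loaded, and libipt_tproxy.so being present in /lib/iptables) can be checked before adding the TPROXY rule. The following is an added example, not code from any poster or from the squid or cttproxy projects; the function name `tproxy_preflight` and its two path parameters are hypothetical.

```shell
#!/bin/sh
# Added example: preflight check for the TPROXY pieces named in this thread.
# Usage: tproxy_preflight [MODULES_FILE] [IPT_LIB_DIR]
# Defaults are /proc/modules and /lib/iptables (the path given in the thread).
# The parameters exist so the check can also be run against a copied tree.
# Prints one line per finding; returns 0 only if nothing is missing.
tproxy_preflight() {
    modules_file=${1:-/proc/modules}
    ipt_lib_dir=${2:-/lib/iptables}
    missing=0

    # Kernel side: the thread reports both modules loaded after the patch.
    # /proc/modules lists one module per line with the name in field 1;
    # the comparison is case sensitive, so the two names stay distinct.
    for mod in ipt_tproxy ipt_TPROXY; do
        if awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' \
               "$modules_file" 2>/dev/null; then
            echo "ok: module $mod loaded"
        else
            echo "MISSING: module $mod not loaded"
            missing=$((missing + 1))
        fi
    done

    # Userspace side: the iptables extension built from the patched source.
    if [ -f "$ipt_lib_dir/libipt_tproxy.so" ]; then
        echo "ok: $ipt_lib_dir/libipt_tproxy.so present"
    else
        echo "MISSING: $ipt_lib_dir/libipt_tproxy.so (build it from the patched iptables source)"
        missing=$((missing + 1))
    fi

    [ "$missing" -eq 0 ]
}
```

Calling `tproxy_preflight` with no arguments checks the running system; a non-zero return means at least one piece is missing.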
