Hi Squid-users, I am testing squid+tproxy on my linux box but still can not get the real source client IP. After i check on cache.log, i get message " Missing needed capability support. Will continue without tproxy support" below is the network diagram: client PC (browser point to proxy server port 80)<------->squid+tproxy<-------->WAN<------>Web servers software info: - patch using cttproxy-2.6.19-2.0.6 - Linux mypc 2.6.19.7 #2 SMP Mon Sep 24 15:42:23 SGT 2007 i686 GNU/Linux and enable tproxy,conntrack, nat on kernel. CONFIG_IP_NF_TPROXY=y CONFIG_IP_NF_MATCH_TPROXY=y CONFIG_IP_NF_TARGET_TPROXY=y CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y # CONFIG_IP_NF_NAT_NRES is not set CONFIG_IP_NF_NAT_FTP=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_CONNTRACK_MARK=y - echo 1 > /proc/sys/net/ipv4/ip_forward - echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter - Squid Cache: Version 2.6.STABLE16 configure options: '--enable-cache-digests' '--enable-underscores' '--enable-async-io' '--enable-storeio=ufs,a ufs' '--enable-poll' '--with-maxfd=8192' '--enable-dlmalloc' '--enable-linux-tproxy' '--enable-linux-netfilter' - added on squid.conf: http_port 8080 tproxy transparent tcp_outgoing_address xxx.xxx.xxx.xxx(squid IP server) via off forwarded_for off server_persistent_connections off - iptable: #iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 8080 # iptables -L -t tproxy Chain PREROUTING (policy ACCEPT) target prot opt source destination TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:8080 I tried to point my browser to squid server port 80, and seem tproxy success redirect the request to port 8080. Squid runs as normal. No error message on cache.log. Anyone can tell me what does the message " Missing needed capability support. Will continue without tproxy support" mean and anything wrong with my testing? Thanks for advance. Rgds, JW
