Hi Henrik, Thanks for the reply. > a) You don't have libcap development files installed. (likely) Yes, i don't have before. So i install: dpkg -l |grep libcap ii libcap-bin 1.10-14 basic utility programs for using capabilitie ii libcap-dev 1.10-14 development libraries and header files for l ii libcap1 1.10-14 support for getting/setting POSIX.1e capabil ii libcapi20-3 3.9.20060704-3 libraries for CAPI support ii libcapi20-dev 3.9.20060704-3 libraries for CAPI support ii libcapsinetwork-dev 0.3.0-2 C++ network server library, development file ii libcapsinetwork0c2a 0.3.0-2 C++ network server library > b) Your kernel is not build with capabilities support (unlikely) i think my kernel support. > c) You are starting Squid as a normal user. To use tproxy Squid needs to be > started as root. (it will then change user to cache_effective_user). I have changed and run squid as root. After install and reconfigure the squid, i don't see the same warning again. But client still fail to access the site. no error message on cache.log. I tried tcpdump on squid server and web server, i see squid creates additional port (virtual port) for client ip everytime client requst the site. The tcpdump on web server, i see the same client IP and additional port number from squid. below is tcpdump on squid server: 11:51:57.992084 IP spoffs96-166.domain.com.3364 > squidserver.net.www: S 2203251959:2203251959(0) win 65535 <mss 14 60,nop,nop,sackOK> 11:51:57.992120 IP squidserver.net.www > spoffs96-166.domain.com.3364: S 337815390:337815390(0) ack 2203251960 win 5840 <mss 1460> 11:51:57.993626 IP spoffs96-166.domain.com.3364 > squidserver.net.www: . ack 1 win 65535 11:51:57.994839 IP spoffs96-166.domain.com.3364 > squidserver.net.www: P 1:417(416) ack 1 win 65535 11:51:57.994860 IP squidserver.net.www > spoffs96-166.domain.com.3364: . ack 417 win 6432 11:51:57.998899 IP spoffs96-166.domain.com.57608 > webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460> 11:52:00.998801 IP spoffs96-166.domain.com.57608 > webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460> 11:52:07.000788 IP spoffs96-166.domain.com.57608 > webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460> 11:52:19.001168 IP spoffs96-166.domain.com.56352 > webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460> 11:52:22.004209 IP spoffs96-166.domain.com.56352 > webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460> 11:52:28.002177 IP spoffs96-166.domain.com.56352 > webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460> 11:52:40.002068 IP spoffs96-166.domain.com.52615 > webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460> 11:52:43.000970 IP spoffs96-166.domain.com.52615 > webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460> 11:52:49.002960 IP spoffs96-166.domain.com.52615 > webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460> 11:53:00.998989 IP squidserver.net.www > spoffs96-166.domain.com.3364: P 1:1155(1154) ack 417 win 6432 11:53:00.999110 IP squidserver.net.www > spoffs96-166.domain.com.3364: F 1155:1155(0) ack 417 win 6432 11:53:01.001599 IP spoffs96-166.domain.com.3364 > squidserver.net.www: . ack 1156 win 64381 11:53:01.002440 IP spoffs96-166.domain.com.3364 > squidserver.net.www: F 417:417(0) ack 1156 win 64381 11:53:01.002460 IP squidserver.net.www > spoffs96-166.domain.com.3364: . ack 418 win 6432 and below on web server: 11:51:58.033089 IP spoffs96-166.domain.com.57608 > webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460> 11:51:58.036154 IP webserver.domain.com.www > spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack 342806161 win 5840 <mss 1460> 11:52:01.031760 IP spoffs96-166.domain.com.57608 > webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460> 11:52:01.031777 IP webserver.domain.com.www > spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack 342806161 win 5840 <mss 1460> 11:52:01.595209 IP webserver.domain.com.www > spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack 342806161 win 5840 <mss 1460> 11:52:07.032123 IP spoffs96-166.domain.com.57608 > webserver.domain.com.www: S 342806160:342806160(0) win 5840 <mss 1460> 11:52:07.032139 IP webserver.domain.com.www > spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack 342806161 win 5840 <mss 1460> 11:52:07.595210 IP webserver.domain.com.www > spoffs96-166.domain.com.57608: S 2822765614:2822765614(0) ack 342806161 win 5840 <mss 1460> 11:52:19.033727 IP spoffs96-166.domain.com.56352 > webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460> 11:52:19.033748 IP webserver.domain.com.www > spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack 365870365 win 5840 <mss 1460> 11:52:22.036936 IP spoffs96-166.domain.com.56352 > webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460> 11:52:22.036950 IP webserver.domain.com.www > spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack 365870365 win 5840 <mss 1460> 11:52:23.395209 IP webserver.domain.com.www > spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack 365870365 win 5840 <mss 1460> 11:52:28.035360 IP spoffs96-166.domain.com.56352 > webserver.domain.com.www: S 365870364:365870364(0) win 5840 <mss 1460> 11:52:28.035376 IP webserver.domain.com.www > spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack 365870365 win 5840 <mss 1460> 11:52:29.395209 IP webserver.domain.com.www > spoffs96-166.domain.com.56352: S 2352674672:2352674672(0) ack 365870365 win 5840 <mss 1460> 11:52:40.036205 IP spoffs96-166.domain.com.52615 > webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460> 11:52:40.036225 IP webserver.domain.com.www > spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack 380458352 win 5840 <mss 1460> 11:52:43.035416 IP spoffs96-166.domain.com.52615 > webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460> 11:52:43.035428 IP webserver.domain.com.www > spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack 380458352 win 5840 <mss 1460> 11:52:43.995210 IP webserver.domain.com.www > spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack 380458352 win 5840 <mss 1460> 11:52:49.038087 IP spoffs96-166.domain.com.52615 > webserver.domain.com.www: S 380458351:380458351(0) win 5840 <mss 1460> 11:52:49.038108 IP webserver.domain.com.www > spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack 380458352 win 5840 <mss 1460> 11:52:50.195210 IP webserver.domain.com.www > spoffs96-166.domain.com.52615: S 1881647911:1881647911(0) ack 380458352 win 5840 <mss 1460> looks both squid and web server only send "S" packets untill squid gives up and reply with "(110) Connection timed out" to client. Does it mean the packet lost from web server back to squid server? Rgds, JW > -----Original Message----- > From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx] > Sent: Thursday, September 27, 2007 9:47 PM > To: josse wang > Cc: squid-users > Subject: Re: squid log with "Missing needed capabilitysupport. > Will continue without tproxy support" > > On tor, 2007-09-27 at 17:18 +0800, josse wang wrote: > > > I am testing squid+tproxy on my linux box but still can not get the > > real source client IP. After i check on cache.log, i get message " > > Missing needed capability support. Will continue without tproxy > > support" > > Possible causes > > a) You don't have libcap development files installed. (likely) > > b) Your kernel is not build with capabilities support (unlikely) > > c) You are starting Squid as a normal user. To use tproxy Squid needs to be > started as root. (it will then change user to cache_effective_user). > > Regards > Henrik > >