That is interesting to note, and part of where my problem lies. Given the way the files are marked on the balabit site, I would not have known of the support versions and differences. I just downloaded the patches for the versions of squid, iptables, and kernel I was using. During the setup of the software, so far anyway, I have not seen ways to specify the version of Tproxy, etc. The initial tproxy README file I was using must have been an older version because it didn't use the difference in iptables table names that the newer README mentions, and that someone was gracious enough to point out to me on the TPROXY listserv. Once I get Tproxy working, I would love to contribute docs to the squid project. On the Tproxy enabled system I have now, which is the same unit as my working WCCP/Squid 2.6 boxes now, WCCP does not seem to be redirecting traffic to the squid box. I am sure it is something I have done wrong, and will figure out, but I wanted to be sure the end result was possible before spending more time on the project. I am currently using the following for my TPROXY setup: CentOS 5.1 x86_64 Squid 2.6 STABLE 18 (custom compiled) iptables 1.4.0 (custom compiled) kernel 2.6.25.4 (custom compiled) tproxy-iptables-1.4.0-20080521-113954-1211362794.patch tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2 tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch BTW - to Henrik, I was aware of a websense piece that ran on a linux/windows based Squid box running squid 2.5. The issues I currently have with that are: 1) Is the squid agent free to enterprise users? (I posed this question to our sales rep) 2) Does it support Squid 2.6, or only 2.5. 3) Does it truly change the reporting such that original client Ips can be seen, or does it just fetch enforcement policies? -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Thursday, May 29, 2008 7:12 AM To: Ritter, Nicholas Cc: Adrian Chadd; squid-users@xxxxxxxxxxxxxxx Subject: Re: squid 2.6, wccp and tproxy Ritter, Nicholas wrote: > In websense the client IP addresses that show up are those of the squid boxes I have deployed. Websense does not utilize, as far as I know, the x-forwarded-for header. > > The doc on squid-cache.org about how to setup TPROXY with squid is a bit out of date because the latest version of tproxy uses the mangle table and not a tproxy table. > The docs as far as we know are correct for all current releases of Squid. Unpatched Squid up to 3.1 still require TPROXY v2.2, so far only 3-HEAD/3.1 has proper integrated support for TPROXY v4+ If you have any updates for the wiki regarding the TPROXYv4 configs for when 3.1 is released, please point out the variations. Amos > Nick > > > -----Original Message----- > From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx] > Sent: Wed 5/28/2008 4:52 PM > To: Ritter, Nicholas > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: squid 2.6, wccp and tproxy > > On Wed, May 28, 2008, Ritter, Nicholas wrote: >> Can tproxy, squid 2.6, and wccp be used together? > > Yes. > >> I want to work around the hiding of the original client ip because it >> is breaking websense. Any suggestions/comments? > > What do you mean? > > >> Nick > -- Please use Squid 2.7.STABLE1 or 3.0.STABLE6
