> > That is interesting to note, and part of where my problem lies. Given > the way the files are marked on the balabit site, I would not have known > of the support versions and differences. I just downloaded the patches > for the versions of squid, iptables, and kernel I was using. So you have the Balabit 2.6s18 patch mentioned at http://wiki.squid-cache.org/Features/TproxyUpdate > > During the setup of the software, so far anyway, I have not seen ways to > specify the version of Tproxy, etc. The initial tproxy README file I was > using must have been an older version because it didn't use the > difference in iptables table names that the newer README mentions, and > that someone was gracious enough to point out to me on the TPROXY > listserv. It's a little bit tricky at present, Balabit no longer support v2.2 and I don't know if/where one would get the necessary patches. Squid-2 performs detection at configure time with --enable-tproxy to see if its supported tproxy method is available, disabling tproxy support and warns if its not. The configure log I believe should tell you if it was successful or failed. Unless you able to use the old version, I don't think it will succeed though. You may need to migrate to 3-HEAD, its beta testing code, but stable enough for light use. Amos > > Once I get Tproxy working, I would love to contribute docs to the squid > project. > > On the Tproxy enabled system I have now, which is the same unit as my > working WCCP/Squid 2.6 boxes now, WCCP does not seem to be redirecting > traffic to the squid box. I am sure it is something I have done wrong, > and will figure out, but I wanted to be sure the end result was possible > before spending more time on the project. > > I am currently using the following for my TPROXY setup: > > CentOS 5.1 x86_64 > Squid 2.6 STABLE 18 (custom compiled) > iptables 1.4.0 (custom compiled) > kernel 2.6.25.4 (custom compiled) > tproxy-iptables-1.4.0-20080521-113954-1211362794.patch > tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2 > tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch > > > BTW - to Henrik, I was aware of a websense piece that ran on a > linux/windows based Squid box running squid 2.5. The issues I currently > have with that are: > > 1) Is the squid agent free to enterprise users? (I posed this question > to our sales rep) > 2) Does it support Squid 2.6, or only 2.5. > 3) Does it truly change the reporting such that original client Ips can > be seen, or does it just fetch enforcement policies? > > > > -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: Thursday, May 29, 2008 7:12 AM > To: Ritter, Nicholas > Cc: Adrian Chadd; squid-users@xxxxxxxxxxxxxxx > Subject: Re: squid 2.6, wccp and tproxy > > Ritter, Nicholas wrote: >> In websense the client IP addresses that show up are those of the > squid boxes I have deployed. Websense does not utilize, as far as I > know, the x-forwarded-for header. >> >> The doc on squid-cache.org about how to setup TPROXY with squid is a > bit out of date because the latest version of tproxy uses the mangle > table and not a tproxy table. >> > > The docs as far as we know are correct for all current releases of > Squid. > Unpatched Squid up to 3.1 still require TPROXY v2.2, so far only > 3-HEAD/3.1 has proper integrated support for TPROXY v4+ > > If you have any updates for the wiki regarding the TPROXYv4 configs for > when 3.1 is released, please point out the variations. > > Amos > >> Nick >> >> >> -----Original Message----- >> From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx] >> Sent: Wed 5/28/2008 4:52 PM >> To: Ritter, Nicholas >> Cc: squid-users@xxxxxxxxxxxxxxx >> Subject: Re: squid 2.6, wccp and tproxy >> >> On Wed, May 28, 2008, Ritter, Nicholas wrote: >>> Can tproxy, squid 2.6, and wccp be used together? >> >> Yes. >> >>> I want to work around the hiding of the original client ip because it > >>> is breaking websense. Any suggestions/comments? >> >> What do you mean? >> >> >>> Nick >> > > > -- > Please use Squid 2.7.STABLE1 or 3.0.STABLE6 > >
