For a very light use... Even a single PC would experience problems
with squid 3.1 and TPROXY 4.1... I switched back to
2.6.20.21+cttproxy and squid 2.6STAB-20 for the time being.

On Friday 30 May 2008 09:05, Amos Jeffries wrote:
> > That is interesting to note, and part of where my
> > problem lies. Given the way the files are marked on the
> > balabit site, I would not have known of the support
> > versions and differences. I just downloaded the patches
> > for the versions of squid, iptables, and kernel I was
> > using.
>
> So you have the Balabit 2.6s18 patch mentioned at
> http://wiki.squid-cache.org/Features/TproxyUpdate
>
> > During the setup of the software, so far anyway, I have
> > not seen ways to specify the version of Tproxy, etc.
> > The initial tproxy README file I was using must have
> > been an older version because it didn't use the
> > difference in iptables table names that the newer
> > README mentions, and that someone was gracious enough
> > to point out to me on the TPROXY listserv.
>
> It's a little bit tricky at present, Balabit no longer
> support v2.2 and I don't know if/where one would get the
> necessary patches.
>
> Squid-2 performs detection at configure time with
> --enable-tproxy to see if its supported tproxy method is
> available, disabling tproxy support and warns if it's not.
> The configure log I believe should tell you if it was
> successful or failed.
>
> Unless you are able to use the old version, I don't think it
> will succeed though. You may need to migrate to 3-HEAD,
> it's beta testing code, but stable enough for light use.
>
> Amos
>
> > Once I get Tproxy working, I would love to contribute
> > docs to the squid project.
> >
> > On the Tproxy enabled system I have now, which is the
> > same unit as my working WCCP/Squid 2.6 boxes now, WCCP
> > does not seem to be redirecting traffic to the squid
> > box. I am sure it is something I have done wrong, and
> > will figure out, but I wanted to be sure the end result
> > was possible before spending more time on the project.
> >
> > I am currently using the following for my TPROXY setup:
> >
> > CentOS 5.1 x86_64
> > Squid 2.6 STABLE 18 (custom compiled)
> > iptables 1.4.0 (custom compiled)
> > kernel 2.6.25.4 (custom compiled)
> > tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
> > tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
> > tproxy-squid-2.6-STABLE18.20080304-110716-1204625236.patch
> >
> >
> > BTW - to Henrik, I was aware of a websense piece that
> > ran on a linux/windows based Squid box running squid
> > 2.5. The issues I currently have with that are:
> >
> > 1) Is the squid agent free to enterprise users? (I
> >    posed this question to our sales rep)
> > 2) Does it support Squid 2.6, or only 2.5?
> > 3) Does it truly change the reporting such that
> >    original client IPs can be seen, or does it just fetch
> >    enforcement policies?
> >
> >
> > -----Original Message-----
> > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
> > Sent: Thursday, May 29, 2008 7:12 AM
> > To: Ritter, Nicholas
> > Cc: Adrian Chadd; squid-users@xxxxxxxxxxxxxxx
> > Subject: Re: squid 2.6, wccp and tproxy
> >
> > Ritter, Nicholas wrote:
> >> In websense the client IP addresses that show up are
> >> those of the squid boxes I have deployed. Websense does
> >> not utilize, as far as I know, the x-forwarded-for header.
> >>
> >> The doc on squid-cache.org about how to setup TPROXY
> >> with squid is a bit out of date because the latest
> >> version of tproxy uses the mangle table and not a
> >> tproxy table.
> >
> > The docs as far as we know are correct for all current
> > releases of Squid.
> > Unpatched Squid up to 3.1 still requires TPROXY v2.2, so
> > far only 3-HEAD/3.1 has proper integrated support for
> > TPROXY v4+
> >
> > If you have any updates for the wiki regarding the
> > TPROXYv4 configs for when 3.1 is released, please point
> > out the variations.
> >
> > Amos
> >
> >> Nick
> >>
> >>
> >> -----Original Message-----
> >> From: Adrian Chadd [mailto:adrian@xxxxxxxxxxxxxxx]
> >> Sent: Wed 5/28/2008 4:52 PM
> >> To: Ritter, Nicholas
> >> Cc: squid-users@xxxxxxxxxxxxxxx
> >> Subject: Re: squid 2.6, wccp and tproxy
> >>
> >> On Wed, May 28, 2008, Ritter, Nicholas wrote:
> >>> Can tproxy, squid 2.6, and wccp be used together?
> >>
> >> Yes.
> >>
> >>> I want to work around the hiding of the original
> >>> client ip because it is breaking websense. Any
> >>> suggestions/comments?
> >>
> >> What do you mean?
> >>
> >>> Nick
> >
> > --
> > Please use Squid 2.7.STABLE1 or 3.0.STABLE6