Search squid archive

Re: Flag this message Trouble building Squid with Linux Transparent Proxy support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Robert V. Coward wrote:

Chris Robertson:
After installing the devel kernel:

yum -y install kernel.i686 kernel-devel.i686

I now have the netfilter header file:

[root@squid0 ~]# find /usr/include -name netfilter_ipv4.h
/usr/include/linux/netfilter_ipv4.h

However I still get errors:
checking for linux/netfilter_ipv4.h... no
checking for linux/netfilter_ipv4/ip_tproxy.h... no

Are these just related to the --enable-linux-tproxy option?
Yes. It's only needed for TPROXY v2.2. The v4 pieces are fully integrated into latest netfilter kernel code. If its present in the kernel Squid-3/HEAD can use it. 



I also see this:

Linux (Netfilter) Transparent Proxy enabled
Thats the netfilter support being detected. If its current enough to include the v4 TPROXY you are set.
The real test now comes after starting squid with at least one "http_port... tproxy" entry.
You will get cache.log messages at "debug_options 89,1" about interception (DNAT/REDIRECT) and/or transparency (TPROXY) starting/stopping/failing.
If your kernel is mising TPROXYv4 support you will see messages about IP_TRANSPARENT failing.
If its going okay you get only the start and stop messages. Maybe some about interception failing on tproxy requests that I haven't silenced properly yet. 

Amos



Amos Jeffries:
I'd like to use the lastest verion of TPROXY, that matches my Fedora netfilter version. 
Those are squids tests for v2.2 support (due to the --enable-tproxy
option). If thats the right version of TPROXY you wanted, AND you have
patched your kernel correctly prior to building squid, I'll take a look
and see why its failing.

   I will try the configure without this option as I would like to tuse TPROXY4+ I guess.

If you meant to build with the new TPROXYv4+ support, you will need the
3-HEAD (3.1 beta) code. The -tproxy option only needed to enable v2.2
support there.

   So what you are saying is that if I want to use TPROXYv4+, I need to grab the beta code from here:
http://www.squid-cache.org/Versions/v3/HEAD/
if I want to get TPROXYv4+? Additionally I do not need to add the -tproxy option when I run the configure?

R


Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE7
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux