Re: WARNING: comm_open: setsockopt(IP_TRANSPARENT) not supported on this platform


Ted Kaczmarek wrote:

On Aug 15, 2008, at 9:34 AM, Amos Jeffries wrote:

Ted Kaczmarek wrote:
With squid-3.HEAD-20080814 I am seeing this message.
WARNING: comm_open: setsockopt(IP_TRANSPARENT) not supported on this platform
It does not matter if I configure with or without
--enable-tproxy
and/or
--enable-linux-netfilter.
What is the correct option for Tproxy4 support?

--enable-netfilter

NOTE: your kernel needs to be correctly patched for TPROXY options to work.

Going through all these related Tproxy posts on various can really send one for a ride :-)
Regards,
Ted

A how-to has recently been added to the wiki. It's not quite 100% complete but should give you a good basis to start from.

http://wiki.squid-cache.org/ConfigExamples/TPROXYPatchingCentOS


Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE8

Amos,

Thanks, that and a few hundred other posts are how I have gotten this far :-)


[root@labdev ~]# dmesg | grep -i tproxy
NF_TPROXY: Transparent proxy support initialized, version 4.1.0
NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.
ip_tables: TPROXY target: only valid in mangle table, not nat


[root@labdev ~]# squid -v
Squid Cache: Version 3.HEAD-20080814
configure options: '--prefix=/usr' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var/squid' '--sysconfdir=/etc/squid' '--enable-epoll' '--enable-delay-pools' '-enable-cachemgr-hostname=localhost' '--enable-linux-netfilter' '--enable-auto-locale' --enable-ltdl-convenience

[root@labdev ~]# lsmod | grep -i tprox
xt_TPROXY               6144  0
nf_defrag_ipv4          5888  2 nf_conntrack_ipv4,xt_TPROXY
nf_tproxy_core          6400  1 xt_TPROXY,[permanent]
x_tables               15364  4 xt_tcpudp,iptable_nat,xt_TPROXY,ip_tables

2.6.25.11 kernel and iptables 1.4.

Am I missing something?


Yes:  "TPROXY target: only valid in mangle table, not nat"

Looks like you are confusing the iptables uses:
 nat (sees FIRST packet of a stream only)
 mangle (sees ALL packets to perform low-level alterations)

TPROXY needs to be applied to all packets, so your rules need to specify mangle table where you currently have nat table.

Amos
--
Please use Squid 2.7.STABLE3 or 3.0.STABLE8
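
An added example, not part of the original thread or of Squid's own tooling: a shell check that reads `iptables-save` output and reports any TPROXY rule sitting outside the mangle table, which is the misconfiguration the dmesg line in the thread points to. The two sample rule sets, port 3129 and the 0x1 mark are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TPROXY rules that sit outside the mangle table.
# Reads iptables-save format on stdin, prints "table: rule" for each
# offending rule and returns non-zero if any were found.
check_tproxy_tables() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: "*nat", "*mangle", ...
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "TPROXY" && table != "mangle") {
                    print table ": " $0
                    bad = 1
                }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: TPROXY placed in the nat table (rejected by the kernel).
sample_bad() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --tproxy-mark 0x1/0x1
COMMIT
EOF
}

# Constructed sample: the same interception expressed in the mangle table.
sample_good() {
cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:DIVERT - [0:0]
-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3129 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-mark 0x1
-A DIVERT -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed input; on a live host: iptables-save | check_tproxy_tables
sample_bad | check_tproxy_tables || echo "TPROXY rule found outside the mangle table"
```
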
