> Did you ever get this going? I have successfully setup a > squid2.6/tproxy/iptables server, and I have successfully setup a > squid2.6/wccp server and now I'm trying to combine both of them, but I > think the iptables commands i'm trying are wrong. Do you have any > suggestions? Squid 2.6 does not have Tproxy v4.1+ support. Nick was testing a 3-HEAD Squid server. We just got it going yesterday :-) the patch to Squid-3 is in HEAD now. Though a few alterations to the kernel side of TPROXY were also needed, which may not have been added to the Balabit side quite yet. The How-to about kernel patching is still awaiting a few adjustments due in shortly. Amos > > Thanks, > Dan. > > On Fri, May 30, 2008 at 3:58 PM, Ritter, Nicholas > <Nicholas.Ritter@xxxxxxxxxxxxxx> wrote: >> What exactly are the redirection rules for wccp/iptables 1.4/squid >> 2.6/tproxy look like? I have browsed the Internet plus messed with it >> for a while now and found that the README rules don't fully work, and >> the examples on the Internet don't fully work. >> >> Symptomatically, I see the router redirecting via the GRE tunnel, the >> squid box sees the gre packets (2.6 kernel), but ifconfig does not show >> the GRE interface counters incrementing, and the squid service run in >> debug mode shows no transactions. Something is wrong with either my >> iptables rules or my GRE tunnel setup. I don't think it is the GRE >> tunnel because I set it up the same exact was as I did the non-tproxy >> squid boxes that I have in the same setup which are working. >> >> Any help would be a appreciated. I can provide my rule setup, etc. if >> needed. My knowledge and direct interaction is limited with iptables, >> which is one more reason why I think the problem is there. BTW - my >> system log does show the tproxy module loading. >> >> Nick >> >
