Search squid archive

Re: Please give a solution - Tproxy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



adnan wrote:

----- Original Message ----- From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: "Monzur Md.. Alam" <monzur@xxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Monday, May 04, 2009 7:19 PM
Subject: Re:  Please give a solution - Tproxy


Monzur Md.. Alam wrote:
Dear all,

I have gone the the procedure as described at the following URL
URL: http://wiki.squid-cache.org/Features/Tproxy4#head-f17bb712222beeb0aa083f02237aad6fdfaa1be2

I have successfully complied kernel:2.6.28.1 and iptables:1.4.3 with tproxy:2.6.25-20080519-165031-1211208631.tar.bz2


What is "tproxy:2.6.25-20080519-165031-1211208631.tar.bz2" ??
It's not part of the Squid TPROXY v4 tools that I know of.

He (Monzur) means, tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2, for the support of
NF_CONNTRACK
NETFILTER_TPROXY
NETFILTER_XT_MATCH_SOCKET
NETFILTER_XT_TARGET_TPROXYabove feature in the kernel we patched above "tproxy-kernelxxx" patch to the kernel.Do you think we should avoid tproxy-kernel patch for TPROXY v4?

Ah you said you had kernel 2.6.28.
That is a patch for 2.6.25 kernel _only_.

There is no patching needed for kernel 2.6.28, which is why its listed on the wiki page as recommended minimum version.


  If so, how can we will
getNF_CONNTRACK, NETFILTER_TPROXY, NETFILTER_XT_MATCH_SOCKET, NETFILTER_XT_TARGET_TPROXY in thekernel?

During normal confugure + build sequence of the kernel they should appear somewhere in the netfilter or iptabels sections of the configure.

If you have that patch in your 2.6.28, you will need to rebuild without any breakage it may have caused. Thats a good time to do a reconfigure from clean kernel source.


> >> Now when I run following ipables commands, all the commands>> running without any problem except....>> >> iptables 1.4.3 Configuration>> iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT>> >> and error messege shown:>> >> [root@hpproxy ~]# iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT>> iptables: No chain/target/match by that name. Run `dmesg' for more information.
[root@hpproxy ~]#

Something is missing from your iptables. Possibly the kernel is not built with all the new TPROXY options or has not loaded the right modules. Follow its advice and run dmesg to find out more details.


When we run the command without "-m socket" it's run without error. Can you please write which
thing are missing in the kernel or iptables software?

The versions listed on the Squid wiki page are missing nothing important. Should work with vanilla code no patches. Only a kernel and Squid configuration settings needed during build.

Is this command or option "-m socket" is mandotary to run Squid with Tproxy support?

Yes it is. Using the correct versions of software and not patching will fix this issue for you.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
  Current Beta Squid 3.1.0.7

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux