Monzura Alam wrote:
Dear Amos,
Thank you to your suggestion. We have a successfully patching
tproxy-iptables and tproxy-kernel.
I worry that you are still mentioning patching. Since the supported code
needs none. But if you are getting it to work properly and have tested
that it goes, then okay.
Then how can i configured WCCP
configuration in L4 WCCPv2 with GRE interface in my Linux box. It's also
mention that we have used Centos 5.2 and Squid v3.1.
Ah WCCP is another matter entirely. I can point you at the config
examples but must say good luck with it. I have no direct experience to
speak from there and its a tricky subject.
http://wiki.squid-cache.org/ConfigExamples/Intercept/
Amos
thanks
Monzur
----- Original Message ----- From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: "adnan" <adnan@xxxxxxxxxxxx>
Cc: "Monzur Md.. Alam" <monzur@xxxxxxxxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, May 05, 2009 7:31 PM
Subject: Re: Please give a solution - Tproxy
adnan wrote:
----- Original Message ----- From: "Amos Jeffries"
<squid3@xxxxxxxxxxxxx>
To: "Monzur Md.. Alam" <monzur@xxxxxxxxxxxx>
Cc: <squid-users@xxxxxxxxxxxxxxx>
Sent: Monday, May 04, 2009 7:19 PM
Subject: Re: Please give a solution - Tproxy
Monzur Md.. Alam wrote:
Dear all,
I have gone the the procedure as described at the following URL
URL:
http://wiki.squid-cache.org/Features/Tproxy4#head-f17bb712222beeb0aa083f02237aad6fdfaa1be2
I have successfully complied kernel:2.6.28.1 and iptables:1.4.3
with tproxy:2.6.25-20080519-165031-1211208631.tar.bz2
What is "tproxy:2.6.25-20080519-165031-1211208631.tar.bz2" ??
It's not part of the Squid TPROXY v4 tools that I know of.
He (Monzur) means,
tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2, for the
support of
NF_CONNTRACK
NETFILTER_TPROXY
NETFILTER_XT_MATCH_SOCKET
NETFILTER_XT_TARGET_TPROXYabove feature in the kernel we patched
above "tproxy-kernelxxx" patch to the kernel.Do you think we should
avoid tproxy-kernel patch for TPROXY v4?
Ah you said you had kernel 2.6.28.
That is a patch for 2.6.25 kernel _only_.
There is no patching needed for kernel 2.6.28, which is why its
listed on the wiki page as recommended minimum version.
If so, how can we will
getNF_CONNTRACK, NETFILTER_TPROXY, NETFILTER_XT_MATCH_SOCKET,
NETFILTER_XT_TARGET_TPROXY in thekernel?
During normal confugure + build sequence of the kernel they should
appear somewhere in the netfilter or iptabels sections of the configure.
If you have that patch in your 2.6.28, you will need to rebuild
without any breakage it may have caused. Thats a good time to do a
reconfigure from clean kernel source.
> >> Now when I run following
ipables commands, all the commands>> running without any problem
except....>> >> iptables 1.4.3 Configuration>> iptables -t mangle -A
PREROUTING -p tcp -m socket -j DIVERT>> >> and error messege shown:>>
>> [root@hpproxy ~]# iptables -t mangle -A PREROUTING -p tcp -m
socket -j DIVERT>> iptables: No chain/target/match by that name. Run
`dmesg' for more information.
[root@hpproxy ~]#
Something is missing from your iptables. Possibly the kernel is not
built with all the new TPROXY options or has not loaded the right
modules. Follow its advice and run dmesg to find out more details.
When we run the command without "-m socket" it's run without error.
Can you please write which
thing are missing in the kernel or iptables software?
The versions listed on the Squid wiki page are missing nothing
important. Should work with vanilla code no patches. Only a kernel and
Squid configuration settings needed during build.
Is this command or option "-m socket" is mandotary to run Squid with
Tproxy support?
Yes it is. Using the correct versions of software and not patching
will fix this issue for you.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
