On Sun, 4 Oct 2009 18:34:11 +0700, johan firdianto <johanfirdi@xxxxxxxxx> wrote: > dear guys, > > anybody here has experience implement tproxy 4 ( based on patch comes > from visolve.com) on squid 2.7 stable 6?. > here my configure option > '--prefix=/usr/local/squid-tproxy' '--enable-gnuregex' '--enable-carp' > '--with-pthreads' '--with-aio' '--with-dl' '--enable-useragent-log' > '--enable-referer-log' '--enable-htcp' '--enable-arp-acl' > '--enable-cache-digests' '--enable-truncate' '--enable-stacktraces' > '--enable-x-accelerator-vary' > '--enable-basic-auth-helpers=MSNT,NCSA,YP,getpwnam' > '--enable-external-acl-helpers=ip_user,unix_group,wbinfo_group' > '--enable-removal-policies=lru,heap' '--enable-auth=basic,ntlm' > '--disable-ident-lookups' '--enable-follow-x-forwarded-for' > '--enable-large-cache-files' '--enable-async-io' > '--with-maxfd=2048000' '--enable-linux-tproxy' '--enable-epoll' > '--enable-snmp' '--enable-removal-policies=heap,lru' > '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' > '--with-openssl=/usr/kerberos' '--disable-dependency-tracking' > '--with-large-files' '--enable-default-hostsfile=/etc/hosts' > > I already put http_port tproxy transparent in squid.conf, and also put > IP of squid at tcp_outgoing_address option. > no error in compiling squid, but when I dump the packet, the squid / > linux doesn't spoof the IP. It use the squid box IP address rathern > than client IP address. > I still can browse normally, but the system doesn't spoof the IP. > When I use tproxy4 on squid 3.1, it works. > any clue ? We don't support patched Squid sorry. Check libcap-dev or libcap2-dev are present during build (Squid-2 does not warn when missing). TPROXY4 does not work with tcp_outgoing_addr or the transparent option. Try without those, then if it still does not work contact visolve. Amos
