Hello, Amos, how are you? I just did a test downgrading my kernel to 2.6.30 (downloaded from ftp.kernel.org), using the same kernel .config of the 2.6.37 I was using, and all the same iptables/ebtables/sysctl configuration. TPROXY just began to work perfectly. If I switch again to 2.6.37, everything stops. Can this really be a problem with newer kernel versions? Are there any specific configurations for these newer versions? Anybody here is using squid TPROXY with newer kernels (2.6.36-2.6.37) ? Thanks in advance for your reply and help!! On Mon, Jan 24, 2011 at 11:25 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On Mon, 24 Jan 2011 13:30:05 -0200, Agua Emagrece <aguaemagrece@xxxxxxxxx> > wrote: >> Hello! >> >> I am using: >> >> - Slackware Linux Bridge working fine (eth0 = Internet and eth1 = Users) >> - Latest 2.6.37 kernel >> - Iptables 1.4.9 >> - Ebtables 2.0.9-2 >> - Squid 3.1.10 >> > > The config you have looks fine. There are just a few bits where your > differ from the recommended collective knowledge found at > http://wiki.squid-cache.org/Features/Tproxy4 > > At this part of the page: > > http://wiki.squid-cache.org/Features/Tproxy4#ebtables_on_a_Bridging_device > > It mentions a list of other /proc settings to ensure are turned off. > > It could also be SELinux rules blocking things silently or the particular > libcap version your squid is built against not picking up the privileges to > accept TPROXY connections (3.1 only has a slightly obscure runtime warning > for this). > > <snip> >> >> >> If I delete the ebtables' rules, I can navigate, but without passing >> squid (the connections goes direct). >> >> Am I doing something wrong? Can you point me any discution or >> documentation regarding this issue? >> >> Thank you VERY much in advance for your time and help!! > > Amos >