On 28/02/2012 11:53 p.m., parashuram wrote:
On 2/28/2012 3:47 PM, cc wrote:
Hi,
I'm getting:
configure:26480: WARNING: Missing needed capabilities (libcap or
libcap2) for TPROXY
configure:26482: WARNING: Linux Transparent Proxy support WILL NOT be
enabled
configure:26484: WARNING: Reduced support to Interception Proxy
Even i had got these WARNING but I ignored warnings and got compiled
correctly( dont know whether good practice). all u need to do is
change squid.conf http_port 3128 directive to http_port 3128
transparent, with this setup my transparent proxy running fine.
parashuram, the many meanings of the word "transparent" has got up and
bit you.
The port flags which used to be called "transparent" is still accepted
by current Squid for backward compatibility as an alias of "intercept"
(full name "Interception proxy"). "intercept" is the current option
which should be used on NAT interception ports. Some people used to call
those ports "transparent interception proxy", and others wrongly
abbreviate it to "transparent proxy" resulting in bad confusion.
"TPROXY" feature (full name "Transparent Proxy") has a different port
option, "tproxy", for receiving diverted packets. This works only if you
have the security library to get spoofing access to send the packets
back with spoofed IP (for transparent proxy/relay at the TCP/IP level).
Both of you seem to not have that library, so transparent proxy is not
working.
The differences?
- intercept is only invisible to the client. Server can see full
details about the proxy IPs.
- tproxy spoofs the client IP address. Server cannot tell TCP
connections from real client and proxy apart.
* websites such as hotmail or WindowsLive logins doing tricks with
alternative secure TCP connections will work through TPROXY but not NAT.
- intercept uses NAT to alter the packets so they reach Squid. IPv4-only.
- tproxy uses kernel packet delivery functions. IPv4 and IPv6 support.
Amos
