[squid-users] tproxy4, squid-2.7.stable6 doesnt work on centos 2.6.30
dear guys, anybody here has experience implement tproxy 4 ( based on patch comes from visolve.com) on squid 2.7 stable 6?. here my configure option '--prefix=/usr/local/squid-tproxy' '--enable-gnuregex' '--enable-carp' '--with-pthreads' '--with-aio' '--with-dl' '--enable-useragent-log' '--enable-referer-log' '--enable-htcp' '--enable-arp-acl' '--enable-cache-digests' '--enable-truncate' '--enable-stacktraces' '--enable-x-accelerator-vary' '--enable-basic-auth-helpers=MSNT,NCSA,YP,getpwnam' '--enable-external-acl-helpers=ip_user,unix_group,wbinfo_group' '--enable-removal-policies=lru,heap' '--enable-auth=basic,ntlm' '--disable-ident-lookups' '--enable-follow-x-forwarded-for' '--enable-large-cache-files' '--enable-async-io' '--with-maxfd=2048000' '--enable-linux-tproxy' '--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' '--with-openssl=/usr/kerberos' '--disable-dependency-tracking' '--with-large-files' '--enable-default-hostsfile=/etc/hosts' I already put http_port tproxy transparent in squid.conf, and also put IP of squid at tcp_outgoing_address option. no error in compiling squid, but when I dump the packet, the squid / linux doesn't spoof the IP. It use the squid box IP address rathern than client IP address. I still can browse normally, but the system doesn't spoof the IP. When I use tproxy4 on squid 3.1, it works. any clue ? Thanks. Johan
Re: [squid-users] tproxy4, squid-2.7.stable6 doesnt work on centos 2.6.30
On Sun, 4 Oct 2009 18:34:11 +0700, johan firdianto johanfi...@gmail.com wrote: dear guys, anybody here has experience implement tproxy 4 ( based on patch comes from visolve.com) on squid 2.7 stable 6?. here my configure option '--prefix=/usr/local/squid-tproxy' '--enable-gnuregex' '--enable-carp' '--with-pthreads' '--with-aio' '--with-dl' '--enable-useragent-log' '--enable-referer-log' '--enable-htcp' '--enable-arp-acl' '--enable-cache-digests' '--enable-truncate' '--enable-stacktraces' '--enable-x-accelerator-vary' '--enable-basic-auth-helpers=MSNT,NCSA,YP,getpwnam' '--enable-external-acl-helpers=ip_user,unix_group,wbinfo_group' '--enable-removal-policies=lru,heap' '--enable-auth=basic,ntlm' '--disable-ident-lookups' '--enable-follow-x-forwarded-for' '--enable-large-cache-files' '--enable-async-io' '--with-maxfd=2048000' '--enable-linux-tproxy' '--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' '--with-openssl=/usr/kerberos' '--disable-dependency-tracking' '--with-large-files' '--enable-default-hostsfile=/etc/hosts' I already put http_port tproxy transparent in squid.conf, and also put IP of squid at tcp_outgoing_address option. no error in compiling squid, but when I dump the packet, the squid / linux doesn't spoof the IP. It use the squid box IP address rathern than client IP address. I still can browse normally, but the system doesn't spoof the IP. When I use tproxy4 on squid 3.1, it works. any clue ? We don't support patched Squid sorry. Check libcap-dev or libcap2-dev are present during build (Squid-2 does not warn when missing). TPROXY4 does not work with tcp_outgoing_addr or the transparent option. Try without those, then if it still does not work contact visolve. Amos
Re: [squid-users] tproxy4, squid-2.7.stable6 doesnt work on centos 2.6.30
Johan, You have missed '--enable-linux-netfilter' option when installing squid. You should use http_port tproxy transparent and do not use tcp_outgoing_address in the squid.conf. Before compiling squid, please make sure libcap-dev is installed. Thanks ViSolve Squid Team johan firdianto wrote: dear guys, anybody here has experience implement tproxy 4 ( based on patch comes from visolve.com) on squid 2.7 stable 6?. here my configure option '--prefix=/usr/local/squid-tproxy' '--enable-gnuregex' '--enable-carp' '--with-pthreads' '--with-aio' '--with-dl' '--enable-useragent-log' '--enable-referer-log' '--enable-htcp' '--enable-arp-acl' '--enable-cache-digests' '--enable-truncate' '--enable-stacktraces' '--enable-x-accelerator-vary' '--enable-basic-auth-helpers=MSNT,NCSA,YP,getpwnam' '--enable-external-acl-helpers=ip_user,unix_group,wbinfo_group' '--enable-removal-policies=lru,heap' '--enable-auth=basic,ntlm' '--disable-ident-lookups' '--enable-follow-x-forwarded-for' '--enable-large-cache-files' '--enable-async-io' '--with-maxfd=2048000' '--enable-linux-tproxy' '--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' '--with-openssl=/usr/kerberos' '--disable-dependency-tracking' '--with-large-files' '--enable-default-hostsfile=/etc/hosts' I already put http_port tproxy transparent in squid.conf, and also put IP of squid at tcp_outgoing_address option. no error in compiling squid, but when I dump the packet, the squid / linux doesn't spoof the IP. It use the squid box IP address rathern than client IP address. I still can browse normally, but the system doesn't spoof the IP. When I use tproxy4 on squid 3.1, it works. any clue ? Thanks. Johan