[Bug 115475] Re: tproxy support (iptables & squid)
** Changed in: squid3 (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/115475 Title: tproxy support (iptables & squid) To manage notifications about this bug go to: https://bugs.launchpad.net/squid/+bug/115475/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
i need to configure the ip tables but don't know how if the squid is not a router and a bridge. my topology is: internet > mikrotik > client & squid using the same network i keep getting the same error if i ran to 3129 (tproxy), but it's fine with 3128 (not tproxy) --- The following error was encountered while trying to retrieve the URL: http://www.haryono.co.id/chronic Connection to 192.168.1.178 failed. The system returned: (110) Connection timed out The remote host or network may be down. Please try the request again. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/115475 Title: tproxy support (iptables & squid) To manage notifications about this bug go to: https://bugs.launchpad.net/squid/+bug/115475/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
i checked through mikrotik routeros, when the client accessing internet, it used the squid ip address (192.168.1.142), not the client (192.168.3.97). the squid is running the latest version of ubuntu 11.10 oneiric with your squid patch. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/115475 Title: tproxy support (iptables & squid) To manage notifications about this bug go to: https://bugs.launchpad.net/squid/+bug/115475/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
Even if it's only fixed in 3.2, can you provide a version number where it's definitely fixed? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/115475 Title: tproxy support (iptables & squid) To manage notifications about this bug go to: https://bugs.launchpad.net/squid/+bug/115475/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
You should not have to recompile the kernel if its accepting connections through TPROXY properly. Double-check the IPs squid is identifying as the client IP though to make sure that arrival is happening correctly. We found a small bit alignment bug in the 3.2 series not setting the spoof flag correctly on some systems, which caused this same behaviour. I thought 3.1 was okay but I will take a closer look later today to double check whether 3.1 has a similar regression. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/115475 Title: tproxy support (iptables & squid) To manage notifications about this bug go to: https://bugs.launchpad.net/squid/+bug/115475/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
2011/12/14 21:00:41| Starting Squid Cache version 3.1.15 for i686-pc-linux-gnu... 2011/12/14 21:00:41| Process ID 2452 2011/12/14 21:00:41| With 65535 file descriptors available 2011/12/14 21:00:41| Initializing IP Cache... 2011/12/14 21:00:41| DNS Socket created at [::], FD 7 2011/12/14 21:00:41| DNS Socket created at 0.0.0.0, FD 8 2011/12/14 21:00:41| Adding nameserver 192.168.3.1 from /etc/resolv.conf 2011/12/14 21:00:41| Unlinkd pipe opened on FD 13 2011/12/14 21:00:41| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec 2011/12/14 21:00:41| Store logging disabled 2011/12/14 21:00:41| Swap maxSize 0 + 262144 KB, estimated 20164 objects 2011/12/14 21:00:41| Target number of buckets: 1008 2011/12/14 21:00:41| Using 8192 Store buckets 2011/12/14 21:00:41| Max Mem size: 262144 KB 2011/12/14 21:00:41| Max Swap size: 0 KB 2011/12/14 21:00:41| Using Least Load store dir selection 2011/12/14 21:00:41| Set Current Directory to /var/spool/squid3 2011/12/14 21:00:41| Loaded Icons. 2011/12/14 21:00:41| Accepting spoofing HTTP connections at [::]:3129, FD 14. 2011/12/14 21:00:41| Accepting HTTP connections at [::]:3128, FD 15. 2011/12/14 21:00:41| HTCP Disabled. 2011/12/14 21:00:41| Squid plugin modules loaded: 0 2011/12/14 21:00:41| Adaptation support is off. 2011/12/14 21:00:41| Ready to serve requests. 2011/12/14 21:00:42| storeLateRelease: released 0 objects it's accepting spoofing connection but could not spoof the ip, i guess i have to recompile the kernel from source. hope it works tomorrow! woohoo! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/115475 Title: tproxy support (iptables & squid) To manage notifications about this bug go to: https://bugs.launchpad.net/squid/+bug/115475/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
i'm sorry for this long testing your package Amos, didn't have the time to play with. i'm using oneiric and your squid3 package right now. started squid with http_port 3128 and http_port 3129 tproxy. i assume do we have to compile the kernel for oneiric? or is it support out of the box? i will try to compile the kernel tomorrow, and should i need to recompile iptables too? i only want to use it as not transaparent, but has the ability to ip spoofing ip client to mikrotik router only. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid3 in Ubuntu. https://bugs.launchpad.net/bugs/115475 Title: tproxy support (iptables & squid) To manage notifications about this bug go to: https://bugs.launchpad.net/squid/+bug/115475/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
TPROXY support has been integrated upstream in the upcoming Squid 3.1, iptables 1.4.3, and kernel 2.6.28. Keen testers are invited to locate the latest code for each of the three and provide feedback on how it goes. Should now be a simple matter of finding the right build options and configuration settings. ** Also affects: squid Importance: Undecided Status: New ** Changed in: squid3 (Ubuntu) Sourcepackagename: squid => squid3 Assignee: (unassigned) => Amos Jeffries (squid3) Status: Triaged => In Progress -- tproxy support (iptables & squid) https://bugs.launchpad.net/bugs/115475 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
this tproxy support out of the box would be excellent addition to ubuntu server! i'm newbie and for me it's too hard to patch kernel and iptables in order to make the tproxy works. i need the ipspoofing from tproxy so that the squid will forward the ip client address to the router therefore the bandwidth management in router will still be able to do its work. but if the squid transfer the client request with its proxy ip address, then the bandwidth management will fail. -- tproxy support (iptables & squid) https://bugs.launchpad.net/bugs/115475 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
Developers at the recent netfilter summit "concluded" that patch-o-matic was likely to go away, though tproxy development looks interesting. ** Changed in: iptables (Ubuntu) Importance: Undecided => Wishlist -- tproxy support (iptables & squid) https://bugs.launchpad.net/bugs/115475 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
Probably too late for intrepid. Sorry will revisit again for jaunty. Regards chuck ** Changed in: squid (Ubuntu) Importance: Undecided => Wishlist Status: New => Triaged -- tproxy support (iptables & squid) https://bugs.launchpad.net/bugs/115475 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
** Changed in: squid (Debian) Status: Unknown => New -- tproxy support (iptables & squid) https://bugs.launchpad.net/bugs/115475 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 115475] Re: tproxy support (iptables & squid)
** Summary changed: - any chance for iptables TPROXY module? + tproxy support (iptables & squid) ** Description changed: - Binary package hint: iptables - - This is a table which makes building squid as an invisible acceleration - proxy possible. Currently you have to alter your network topology to - plug squid in like that, but with this module the squid box becomes an - invisible bridge (not even traceroute can find it). It is available in - patch-o-matic and would be very handy. + tproxy is a module which makes building squid as an invisible + acceleration proxy possible. Currently you have to alter your network + topology to plug squid in like that, but with this module the squid box + becomes an invisible bridge (not even traceroute can find it). It is + available in patch-o-matic and would be very handy. ** Bug watch added: Debian Bug tracker #398970 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398970 ** Also affects: squid (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398970 Importance: Unknown Status: Unknown ** Also affects: squid (Ubuntu) Importance: Undecided Status: New -- tproxy support (iptables & squid) https://bugs.launchpad.net/bugs/115475 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to squid in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs