Re: [squid-users] Please give a solution - Tproxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 08 May 2009 02:53:01 +1200

Monzura Alam wrote:
> Dear Amos,
> Thank you to your suggestion. We have a successfully patching
> tproxy-iptables and tproxy-kernel.

I worry that you are still mentioning patching. Since the supported code
needs none. But if you are getting it to work properly and have tested
that it goes, then okay.

> Then how can i configured WCCP
> configuration in L4 WCCPv2 with GRE interface in my Linux box. It's also
> mention that we have used Centos 5.2 and Squid v3.1.
>

Ah WCCP is another matter entirely. I can point you at the config
examples but must say good luck with it. I have no direct experience to
speak from there and its a tricky subject.
  http://wiki.squid-cache.org/ConfigExamples/Intercept/

Amos

>
> thanks
> Monzur
> ----- Original Message ----- From: "Amos Jeffries" <squid3_at_treenet.co.nz>
> To: "adnan" <adnan_at_citechco.net>
> Cc: "Monzur Md.. Alam" <monzur_at_citechco.net>; <squid-users_at_squid-cache.org>
> Sent: Tuesday, May 05, 2009 7:31 PM
> Subject: Re: [squid-users] Please give a solution - Tproxy
>
>
>> adnan wrote:
>>>
>>> ----- Original Message ----- From: "Amos Jeffries"
>>> <squid3_at_treenet.co.nz>
>>> To: "Monzur Md.. Alam" <monzur_at_citechco.net>
>>> Cc: <squid-users_at_squid-cache.org>
>>> Sent: Monday, May 04, 2009 7:19 PM
>>> Subject: Re: [squid-users] Please give a solution - Tproxy
>>>
>>>
>>>> Monzur Md.. Alam wrote:
>>>>> Dear all,
>>>>>
>>>>> I have gone the the procedure as described at the following URL
>>>>> URL:
>>>>> http://wiki.squid-cache.org/Features/Tproxy4#head-f17bb712222beeb0aa083f02237aad6fdfaa1be2
>>>>>
>>>>>
>>>>> I have successfully complied kernel:2.6.28.1 and iptables:1.4.3
>>>>> with tproxy:2.6.25-20080519-165031-1211208631.tar.bz2
>>>>>
>>>>
>>>> What is "tproxy:2.6.25-20080519-165031-1211208631.tar.bz2" ??
>>>> It's not part of the Squid TPROXY v4 tools that I know of.
>>>
>>> He (Monzur) means,
>>> tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2, for the
>>> support of
>>> NF_CONNTRACK
>>> NETFILTER_TPROXY
>>> NETFILTER_XT_MATCH_SOCKET
>>> NETFILTER_XT_TARGET_TPROXYabove feature in the kernel we patched
>>> above "tproxy-kernelxxx" patch to the kernel.Do you think we should
>>> avoid tproxy-kernel patch for TPROXY v4?
>>
>> Ah you said you had kernel 2.6.28.
>> That is a patch for 2.6.25 kernel _only_.
>>
>> There is no patching needed for kernel 2.6.28, which is why its
>> listed on the wiki page as recommended minimum version.
>>
>>
>> If so, how can we will
>>> getNF_CONNTRACK, NETFILTER_TPROXY, NETFILTER_XT_MATCH_SOCKET,
>>> NETFILTER_XT_TARGET_TPROXY in thekernel?
>>
>> During normal confugure + build sequence of the kernel they should
>> appear somewhere in the netfilter or iptabels sections of the configure.
>>
>> If you have that patch in your 2.6.28, you will need to rebuild
>> without any breakage it may have caused. Thats a good time to do a
>> reconfigure from clean kernel source.
>>
>>
>>> > >> Now when I run following
>>> ipables commands, all the commands>> running without any problem
>>> except....>> >> iptables 1.4.3 Configuration>> iptables -t mangle -A
>>> PREROUTING -p tcp -m socket -j DIVERT>> >> and error messege shown:>>
>>> >> [root_at_hpproxy ~]# iptables -t mangle -A PREROUTING -p tcp -m
>>> socket -j DIVERT>> iptables: No chain/target/match by that name. Run
>>> `dmesg' for more information.
>>>>> [root_at_hpproxy ~]#
>>>>
>>>> Something is missing from your iptables. Possibly the kernel is not
>>>> built with all the new TPROXY options or has not loaded the right
>>>> modules. Follow its advice and run dmesg to find out more details.
>>>>
>>>
>>> When we run the command without "-m socket" it's run without error.
>>> Can you please write which
>>> thing are missing in the kernel or iptables software?
>>
>> The versions listed on the Squid wiki page are missing nothing
>> important. Should work with vanilla code no patches. Only a kernel and
>> Squid configuration settings needed during build.
>>
>>> Is this command or option "-m socket" is mandotary to run Squid with
>>> Tproxy support?
>>
>> Yes it is. Using the correct versions of software and not patching
>> will fix this issue for you.
>>
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
>> Current Beta Squid 3.1.0.7
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Thu May 07 2009 - 14:53:10 MDT

This archive was generated by hypermail 2.2.0 : Thu May 07 2009 - 12:00:02 MDT