[squid-users] linux-2.6.19.1 TPROXY with Squid-2.6.stable5 not working

From: Logu <[email protected]>
Date: Fri, 12 Jan 2007 13:15:05 +0530

Hi,

I have compiled the linux-2.6.19.1 kernel and iptables-1.3.7 after patching
them with the tproxy support
(http://www.balabit.com/downloads/tproxy/linux-2.6/cttproxy-2.6.19-2.0.6.tar.gz).
And I have compiled squid-2.6STABLE5 after enabling tproxy support. But I am
not able to successfully configure the tproxy feature in my cache.

The squid.conf entries are as follows:
    http_port 3128 transparent tproxy

Kernel setting:
    net.ipv4.ip_forward = 1
    net.ipv4.ip_nonlocal_bind = 1

iptables rules:
    iptables -t tproxy -A PREROUTING -p tcp -d ! 172.16.1.57 --dport 80 -j TPROXY --on-port 3128  #(cache box IP)

But this setup behaves just like the ordinary transparent proxy, and the
source IP address of the requests going from the proxy still has the IP of
the cache box instead of the Client IP. And I get a cache.log entry saying
    tproxy ip=172.16.1.32,0x200110ac,port=0 ERROR ASSIGN

But when I add the following entry to squid.conf, I get a timeout error on the
client after trying for a long time.
    tcp_outgoing_address 172.16.1.57 #(ip of the cache box).

Is this configuration (tcp_outgoing_address) a necessary one for the tproxy
setting?

What does the error "tproxy ip=172.16.1.32,0x200110ac,port=0 ERROR ASSIGN"
mean? I understand that this error occurs on the setsockopt() system call
with EINVAL. What is the most probable cause of the error: kernel related,
application related, or a misconfiguration on squid?

Any clues on this will be a great help.

Thanks
-logu
Received on Fri Jan 12 2007 - 00:45:32 MST
