Hi Squid-users,
I am testing squid+tproxy on my linux box but still can not get the
real source client IP. After i check on cache.log, i get message "
Missing needed capability support. Will continue without tproxy
support"
below is the network diagram:
client PC (browser point to proxy server port
80)<------->squid+tproxy<-------->WAN<------>Web servers
software info:
- patch using cttproxy-2.6.19-2.0.6
- Linux mypc 2.6.19.7 #2 SMP Mon Sep 24 15:42:23 SGT 2007 i686
GNU/Linux and enable tproxy,conntrack, nat on kernel.
CONFIG_IP_NF_TPROXY=y
CONFIG_IP_NF_MATCH_TPROXY=y
CONFIG_IP_NF_TARGET_TPROXY=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
# CONFIG_IP_NF_NAT_NRES is not set
CONFIG_IP_NF_NAT_FTP=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CONNTRACK_MARK=y
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
- Squid Cache: Version 2.6.STABLE16
configure options: '--enable-cache-digests' '--enable-underscores'
'--enable-async-io' '--enable-storeio=ufs,a
ufs' '--enable-poll' '--with-maxfd=8192' '--enable-dlmalloc'
'--enable-linux-tproxy' '--enable-linux-netfilter'
- added on squid.conf:
http_port 8080 tproxy transparent
tcp_outgoing_address xxx.xxx.xxx.xxx(squid IP server)
via off
forwarded_for off
server_persistent_connections off
- iptable:
#iptables -t tproxy -A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY
--on-port 8080
# iptables -L -t tproxy
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
TPROXY tcp -- anywhere anywhere tcp
dpt:www TPROXY redirect 0.0.0.0:8080
I tried to point my browser to squid server port 80, and seem tproxy
success redirect the request to port 8080. Squid runs as normal. No
error message on cache.log.
Anyone can tell me what does the message " Missing needed capability
support. Will continue without tproxy support" mean and anything wrong
with my testing?
Thanks for advance.
Rgds,
JW
Received on Thu Sep 27 2007 - 03:18:08 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:03 MDT