LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-14-2010, 04:10 AM   #1
linuxsps
LQ Newbie
 
Registered: Mar 2010
Posts: 2

Rep: Reputation: 0
Squid with TPROXY4 transparent - Need help


Hello,

I have fedora 12 with kernal 2.6.31 and squid-3.1.0.14 with the configuration enabled as per the TPROXY4 support:
http://wiki.squid-cache.org/Features/Tproxy4

But while start the SQUID i am getting error as:

2010/03/14 11:04:39| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2010/03/14 11:04:39| Starting IP Spoofing on port [::]:3129
2010/03/14 11:04:39| Disabling Authentication on port [::]:3129 (IP spoofing enabled)
2010/03/14 11:04:39| FATAL: http(s)_port: TPROXY support in the system does not work.
FATAL: Bungled squid.conf line 36: http_port 3129 tproxy

How can i proceed further to make the system with TPROXY support?

Thanks.

Last edited by linuxsps; 03-14-2010 at 05:17 AM.
 
Old 03-14-2010, 10:40 PM   #2
10speed705
Member
 
Registered: May 2009
Location: Ontario Canada
Distribution: debian
Posts: 56

Rep: Reputation: 17
Can you post the contents of squid.conf please
 
Old 03-14-2010, 11:43 PM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 27,243

Rep: Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077Reputation: 8077
Quote:
Originally Posted by linuxsps View Post
Hello,

I have fedora 12 with kernal 2.6.31 and squid-3.1.0.14 with the configuration enabled as per the TPROXY4 support:
http://wiki.squid-cache.org/Features/Tproxy4

But while start the SQUID i am getting error as:

2010/03/14 11:04:39| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2010/03/14 11:04:39| Starting IP Spoofing on port [::]:3129
2010/03/14 11:04:39| Disabling Authentication on port [::]:3129 (IP spoofing enabled)
2010/03/14 11:04:39| FATAL: http(s)_port: TPROXY support in the system does not work.
FATAL: Bungled squid.conf line 36: http_port 3129 tproxy

How can i proceed further to make the system with TPROXY support?

Thanks.
You follow the instructions on the Squid site, or one of the many how-tos for this.
http://wiki.squid-cache.org/Features/Tproxy4
http://www.visolve.com/squid/sqguide.php
 
Old 03-15-2010, 02:25 AM   #4
linuxsps
LQ Newbie
 
Registered: Mar 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Hello,

Thanks a lot for your replies.

I was trying various options to get this work.

I compiled the kernal again by following the instrcutions of the URL
http://wiki.squid-cache.org/Features/Tproxy4

Now the warning message has gone and started working partially.

When I visit the RIPE.NET it shows my PROXY IP address as my ip address

but When I visit whatismyipaddress.com, it shows me both the IP addresses (HOST and PROXY) by mentioning that there is aproxy server in middle.


Also it indicates some test results as:

rDNS FALSE
WIMIA Test FALSE
TOR Test FALSE
Loc Test FALSE
Header Test TRUE
DNSBL Test FALSE


What all these tests stands for? How can I use these tests to achieve a 100% tranparency.

My configuration is as below:


acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # proxy port
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 3128
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_port 3128
http_port 3129 tproxy
http_port 3130 transparent
hierarchy_stoplist cgi-bin ?
coredump_dir /usr/local/squid/var/cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern






Thanks

Last edited by linuxsps; 03-15-2010 at 02:31 AM.
 
Old 04-28-2011, 05:20 AM   #5
esuradi
LQ Newbie
 
Registered: Mar 2008
Posts: 2

Rep: Reputation: 0
Tproxy + Squid

Dears ;

I have Done every single step mentioned in " http://wiki.squid-cache.org/Features/Tproxy4#Feature:_TPROXY_version_4.1.2B-_Support" Howto where i have here fedora core 14 with kernel 2.6.35.12-88
,squid 3.1.10 and IP tables upgraded to 1.4.10 .

i always receive "110 error timeout error" return from squid server .

i cant find the issue . please advice
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem with PPPoE in transperant squid chirag123 Linux - Networking 3 10-21-2008 12:47 AM
How to Configure Transperant Proxy chirag123 Linux - Server 1 09-13-2008 11:11 AM
Squid in transperant mode. c0m4 Linux - Software 2 07-12-2005 04:50 AM
Transperant Proxy and web server on one machine = issue ... sys7em Linux - Networking 2 06-16-2005 03:29 PM
transperant proxy not working saugato Linux - Security 3 03-16-2005 01:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:41 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration