Re: [squid-users] Flag this message Trouble building Squid with Linux Transparent Proxy support from Amos Jeffries on 2008-07-16 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 17 Jul 2008 04:16:30 +1200

Robert V. Coward wrote:
> Chris Robertson:
> After installing the devel kernel:
>
> yum -y install kernel.i686 kernel-devel.i686
>
> I now have the netfilter header file:
>
> [root_at_squid0 ~]# find /usr/include -name netfilter_ipv4.h
> /usr/include/linux/netfilter_ipv4.h
>
> However I still get errors:
> checking for linux/netfilter_ipv4.h... no
> checking for linux/netfilter_ipv4/ip_tproxy.h... no
>
> Are these just related to the --enable-linux-tproxy option?

Yes. It's only needed for TPROXY v2.2. The v4 pieces are fully
integrated into latest netfilter kernel code. If its present in the
kernel Squid-3/HEAD can use it.

> I also see this:
>
> Linux (Netfilter) Transparent Proxy enabled

Thats the netfilter support being detected. If its current enough to
include the v4 TPROXY you are set.

The real test now comes after starting squid with at least one
"http_port... tproxy" entry.

You will get cache.log messages at "debug_options 89,1" about
interception (DNAT/REDIRECT) and/or transparency (TPROXY)
starting/stopping/failing.

If your kernel is mising TPROXYv4 support you will see messages about
IP_TRANSPARENT failing.

If its going okay you get only the start and stop messages. Maybe some
about interception failing on tproxy requests that I haven't silenced
properly yet.

Amos

>
> Amos Jeffries:
> I'd like to use the lastest verion of TPROXY, that matches my Fedora netfilter version.
>> Those are squids tests for v2.2 support (due to the --enable-tproxy
>> option). If thats the right version of TPROXY you wanted, AND you have
>> patched your kernel correctly prior to building squid, I'll take a look
>> and see why its failing.
> I will try the configure without this option as I would like to tuse TPROXY4+ I guess.
>> If you meant to build with the new TPROXYv4+ support, you will need the
>> 3-HEAD (3.1 beta) code. The -tproxy option only needed to enable v2.2
>> support there.
> So what you are saying is that if I want to use TPROXYv4+, I need to grab the beta code from here:
> http://www.squid-cache.org/Versions/v3/HEAD/
> if I want to get TPROXYv4+? Additionally I do not need to add the -tproxy option when I run the configure?
>
> R

Amos

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE7

Received on Wed Jul 16 2008 - 16:16:25 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 16 2008 - 12:00:04 MDT