cttproxy + Squid 2.6 - squid

This is a discussion on cttproxy + Squid 2.6 - squid ; Hi everyone, I am trying to get squid 2.6 + cttproxy to work on a transparently bridged environment, with scarce results. The bridging works fine, squid is compiled with tproxy support . and has the following directives ( among the ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: cttproxy + Squid 2.6

  1. cttproxy + Squid 2.6

    Hi everyone,

    I am trying to get squid 2.6 + cttproxy to work on a transparently
    bridged environment, with scarce results.

    The bridging works fine, squid is compiled with tproxy support .

    and has the following directives ( among the others):

    http_port 3128 transparent tproxy vhost vport=80
    always_direct allow all

    I enable the redirection as follows:

    ebtables -t broute -A BROUTING -p IPv4 --ip-protocol-6
    --ip-destination-port 80 -j redirect --redirect-target ACCEPT
    iptables -t tproxy -A PREROUTING -i br0 -p tcp --dport 80 -j TPROXY
    --on-port 3128

    However Squid doesnt seem to able to spoof the original IP:

    all i get is a bunch of:

    2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    ASSIGN
    2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    ASSIGN
    2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    ASSIGN
    2006/09/13 01:03:16| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    ASSIGN
    2006/09/13 01:03:29| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    ASSIGN

    The br0 interface has an ip assigned of 10.0.0.254 in the same subnet
    of 10.0.0.200 ( the client ).

    Did any one get squid+cttproxy to work on a bridge ? What am I missing
    ?

    thanks for your answer,

    Enrico


  2. Re: cttproxy + Squid 2.6

    Hi Everyone,

    for the record I found out that for cttproxy to accept the ASSIGN .
    it's necessary to set the configuration option tcp_outgoing_address

    tcp_outgoing_address seems to be 0.0.0.0 if not set explicitly and
    causes the ASSIGN ioctl to fail and the ERROR_ASSIGN message.

    It might be useful to shoot out a warning when tcp_outgoing_address is
    0 and tproxy is used.

    - Enrico

    enricod@videotron.ca wrote:
    > Hi everyone,
    >
    > I am trying to get squid 2.6 + cttproxy to work on a transparently
    > bridged environment, with scarce results.
    >
    > The bridging works fine, squid is compiled with tproxy support .
    >
    > and has the following directives ( among the others):
    >
    > http_port 3128 transparent tproxy vhost vport=80
    > always_direct allow all
    >
    > I enable the redirection as follows:
    >
    > ebtables -t broute -A BROUTING -p IPv4 --ip-protocol-6
    > --ip-destination-port 80 -j redirect --redirect-target ACCEPT
    > iptables -t tproxy -A PREROUTING -i br0 -p tcp --dport 80 -j TPROXY
    > --on-port 3128
    >
    > However Squid doesnt seem to able to spoof the original IP:
    >
    > all i get is a bunch of:
    >
    > 2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    > ASSIGN
    > 2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    > ASSIGN
    > 2006/09/13 01:01:55| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    > ASSIGN
    > 2006/09/13 01:03:16| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    > ASSIGN
    > 2006/09/13 01:03:29| tproxy ip=10.0.0.200,0xc800000a,port=0 ERROR
    > ASSIGN
    >
    > The br0 interface has an ip assigned of 10.0.0.254 in the same subnet
    > of 10.0.0.200 ( the client ).
    >
    > Did any one get squid+cttproxy to work on a bridge ? What am I missing
    > ?
    >
    > thanks for your answer,
    >
    > Enrico



+ Reply to Thread