Squid with tproxy option

Anyone on the list who has managed to have IP Spoofing on squid with tproxy?

My environment:
Ubuntu 9.04 server
Kernel - 2.6.28-11-server
iptables v1.4.3.2
squid-3.1.0.6

-- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

According to http://wiki.squid-cache.org/Features/Tproxy4 the kernel building part looks messy; if you could get there first, then post the error messages you get, that would help.

On 6/26/09, Alex Nderitu <nderitualex@gmail.com> wrote:
> Anyone on the list who has managed to have IP Spoofing on squid with tproxy?
> My environment; Ubuntu 9.04 server Kernel - 2.6.28-11-server iptables v1.4.3.2 squid-3.1.0.6
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks Other services @ http://my.co.ke Other lists ------------- Skunkworks announce: http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks-announce Science - http://lists.my.co.ke/cgi-bin/mailman/listinfo/science kazi - http://lists.my.co.ke/cgi-bin/mailman/admin/kazi/general

Compiling the kernel is without a problem and the modules are loaded OK; dmesg output:

ip_tables: (C) 2000-2006 Netfilter Core Team
[ 150.759997] NF_TPROXY: Transparent proxy support initialized, version 4.1.0
[ 150.760000] NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.

The issue is, the documentation <http://wiki.squid-cache.org/Features/Tproxy4> looks rather straightforward, but it does not run as expected and no errors are logged. I even had libcap2 and libcap2-dev installed, as advised here as a prerequisite <http://www.pubbs.net/squid/200905/102892/>, but still no success. That is why I needed to know if anyone has it working, because I have tried from the documentation given without success.

-----Original Message-----
From: Patrick Kariuki <patrick.kariuki@gmail.com>
Reply-to: Skunkworks forum <skunkworks@lists.my.co.ke>
To: Skunkworks forum <skunkworks@lists.my.co.ke>
Subject: Re: [Skunkworks] Squid with tproxy option
Date: Fri, 26 Jun 2009 17:26:11 +0300

According to http://wiki.squid-cache.org/Features/Tproxy4 the kernel building part looks messy; if you could get there first, then post the error messages you get, that would help.

On 6/26/09, Alex Nderitu <nderitualex@gmail.com> wrote:
> Anyone on the list who has managed to have IP Spoofing on squid with tproxy?
> My environment; Ubuntu 9.04 server Kernel - 2.6.28-11-server iptables v1.4.3.2 squid-3.1.0.6

Alex, I made tproxy work with FreeBSD about 2 years ago, but that will not help you as my memory is rusty on this subject. The trick was to create firewall rules to trap on port 80, then force caching through squid with diverts. Change the squid port from 8080 to 80. I think the best way is to run a port log on the firewall and see where the packets are going. HTHs.

On Sat, Jun 27, 2009 at 12:33 PM, aki <aki275@googlemail.com> wrote:
> Alex, I made tproxy work with FreeBSD about 2 years ago, but that will not help you as my memory is rusty on this subject. The trick was to create firewall rules to trap on port 80, then force caching through squid with diverts. Change the squid port from 8080 to 80. I think the best way is to run a port log on the firewall and see where the packets are going. HTHs.

Aki, I think you mean "transparent proxy" and not "tproxy". The latter is only available on FreeBSD since 7.2-RELEASE with some MFCed patches from 8.0-CURRENT. In 8.0-CURRENT, there is native tproxy support. Linux guys have always had tproxy all this time though.

For Alex Nderitu, please try to follow Adrian Chadd's notes on lusca-users and see if that helps. Lusca is just his branched off squid anyway (formerly Cacheboy).

--
Best regards,
Odhiambo WASHINGTON, Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"If you have nothing good to say about someone, just shut up!." -- Lucky Dube
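
Added example, not part of any message in the thread: a shell checker for the situation Alex describes, where the TPROXY module loads and nothing is logged, yet nothing is intercepted. It inspects captured output of `iptables-save -t mangle`, `ip rule`, `ip route show table 100`, `sysctl -a` and the text of squid.conf; port 3129, mark 0x1, table 100, interface eth0 and all sample data are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: offline check of the pieces a Linux
# Squid TPROXY setup depends on. All sample values below are constructed;
# port 3129, mark 0x1, table 100 and interface eth0 are assumptions.
# check_tproxy RULES IPRULE IPROUTE CONF SYSCTL (each is captured text).
# Prints one finding per missing or inconsistent piece, nothing if all pass.
check_tproxy() (
  rules=$1 iprule=$2 iproute=$3 conf=$4 sysctl=$5
  # Port of the first http_port line that carries the tproxy flag.
  port=$(printf '%s\n' "$conf" | awk '$1 == "http_port" {
    for (i = 3; i <= NF; i++) if ($i == "tproxy") {
      n = split($2, a, ":"); print a[n]; exit } }')
  [ -n "$port" ] || echo "squid.conf: no http_port line with the tproxy flag"
  # Packets of already-diverted connections are matched with -m socket.
  printf '%s\n' "$rules" | grep -q -- '-m socket' ||
    echo "iptables: no '-m socket' rule"
  # New connections are handed to Squid by the TPROXY target.
  tport=$(printf '%s\n' "$rules" |
    sed -n 's/.*-j TPROXY.*--on-port \([0-9][0-9]*\).*/\1/p' | head -n 1)
  if [ -z "$tport" ]; then
    echo "iptables: no TPROXY rule"
  elif [ -n "$port" ] && [ "$tport" != "$port" ]; then
    echo "port mismatch: TPROXY sends to $tport, squid listens on $port"
  fi
  # Marked packets need a policy-routing rule and a local route via lo.
  printf '%s\n' "$iprule" | grep -q 'fwmark .* lookup ' ||
    echo "ip rule: no fwmark rule"
  printf '%s\n' "$iproute" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo' ||
    echo "ip route: no 'local default dev lo' route"
  # Forwarding must be on; strict reverse-path filtering can drop the traffic.
  printf '%s\n' "$sysctl" | grep -Eq '^net\.ipv4\.ip_forward *= *1$' ||
    echo "sysctl: net.ipv4.ip_forward is not 1"
  printf '%s\n' "$sysctl" | grep -E 'rp_filter *= *1$' | sed 's/^/sysctl: strict /'
  :
)

# Constructed sample: everything loads without errors, nothing is intercepted.
RULES='-A PREROUTING -p tcp -m socket -j DIVERT
-A PREROUTING -p tcp -m tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1
-A DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A DIVERT -j ACCEPT'
IPRULE='32765: from all fwmark 0x1 lookup 100'
IPROUTE='local default dev lo scope host'
CONF='http_port 3128
http_port 3129 tproxy'
SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1'
check_tproxy "$RULES" "$IPRULE" "$IPROUTE" "$CONF" "$SYSCTL"
```

On the constructed sample it reports the port mismatch between the TPROXY rule and the `http_port ... tproxy` line, and the strict `rp_filter` on eth0.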
Participants (4): aki, Alex Nderitu, Odhiambo ワシントン, Patrick Kariuki