firewall and squid running on the same box

Linux Netfilter discussions
 help / color / mirror / Atom feed

* firewall and squid running on the same box
@ 2010-08-02 10:00 Mamadou Touré
  2010-08-02 12:10 ` Marek Kierdelewicz
  0 siblings, 1 reply; 4+ messages in thread
From: Mamadou Touré @ 2010-08-02 10:00 UTC (permalink / raw)
  To: netfilter

Hi all,
On my firewall box i also run squid in transparent mode.
when users access http, they are redirect to the proxy. but the source
ip address is change to the box ip address.
This is normal because the request is made by the proxy.
The problem is that any iptables rules matching the src ip address of
the user will never match. And that corrupt my firewall.
Is there a mean to tell squid not  to change the source ip address ?
I need your help.
regards.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: firewall and squid running on the same box
  2010-08-02 10:00 firewall and squid running on the same box Mamadou Touré
@ 2010-08-02 12:10 ` Marek Kierdelewicz
       [not found]   ` <AANLkTimn488wJ4ih5HnMOwgsKwrjWYvPd_r3skpNi4R+@mail.gmail.com>
  0 siblings, 1 reply; 4+ messages in thread
From: Marek Kierdelewicz @ 2010-08-02 12:10 UTC (permalink / raw)
  To: Mamadou Touré; +Cc: netfilter

>Hi all,

Hi Mamadou,

>On my firewall box i also run squid in transparent mode.
>when users access http, they are redirect to the proxy. but the source
>ip address is change to the box ip address.
>Is there a mean to tell squid not  to change the source ip address ?

Look at tproxy solution:
http://wiki.squid-cache.org/Features/Tproxy4
With this feature source ip address is not changed. I think you may
experience some problems if you wanna do NAT on the very same box.

Regards,
Marek

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <AANLkTimn488wJ4ih5HnMOwgsKwrjWYvPd_r3skpNi4R+@mail.gmail.com>]

[parent not found: <20100802201932.051e9963@catus>]

* Re: firewall and squid running on the same box
       [not found]     ` <20100802201932.051e9963@catus>
@ 2010-08-03 23:51       ` Mamadou Touré
       [not found]         ` <20100805122252.62b09f34@catus>
  0 siblings, 1 reply; 4+ messages in thread
From: Mamadou Touré @ 2010-08-03 23:51 UTC (permalink / raw)
  To: Marek Kierdelewicz; +Cc: netfilter

Hi to install tproxy i need libcap2 so i'm trying to install from
source libcap-2.19.
but i got this error when make:
/usr/bin/ld: cannot find -lattr
have you already got this kind of problem.
Not my kernel version is : 2.6.32.11
regards.

2010/8/2 Marek Kierdelewicz <marek@piasta.pl>:
>>Hi
>
> Hi,
>
>> thank you very much.
>
> Glad to be of help :-).
>
>>my box is in bridge mode so the is no NAT.
>
> Great :-).
>
> Regards,
> Maarek
>

^ permalink raw reply	[flat|nested] 4+ messages in thread

[parent not found: <20100805122252.62b09f34@catus>]

* Re: firewall and squid running on the same box
       [not found]         ` <20100805122252.62b09f34@catus>
@ 2010-08-07 22:36           ` Mamadou Touré
  0 siblings, 0 replies; 4+ messages in thread
From: Mamadou Touré @ 2010-08-07 22:36 UTC (permalink / raw)
  To: Marek Kierdelewicz; +Cc: netfilter

Hi,
i've found out the the dependency.
and i' think it run fine. but my content filtering doesn't work.
i'm using squidguard as content filtering program.
Does any one has already implement squid TPROXY and squidguard (or
else content filtering program)
And i've also read that there is bug with tproxy when using kernel 2.6.32.
I'm using kernel 2.6.32.11 does anyone know if this issue has been solved.
I need your help and advices.

regards.

2010/8/5 Marek Kierdelewicz <marek@piasta.pl>:
> Hi,
>
>>Hi to install tproxy i need libcap2 so i'm trying to install from
>>source libcap-2.19.
>>but i got this error when make:
>>/usr/bin/ld: cannot find -lattr
>>have you already got this kind of problem.
>>Not my kernel version is : 2.6.32.11
>
> I didn't experience such problems.
>
> It looks like you're missing some libcap dependency. Look for further
> information in README or INSTALL file in libcap source.
>
> Regards,
> Marek
>

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2010-08-07 22:36 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-08-02 10:00 firewall and squid running on the same box Mamadou Touré
2010-08-02 12:10 ` Marek Kierdelewicz
     [not found]   ` <AANLkTimn488wJ4ih5HnMOwgsKwrjWYvPd_r3skpNi4R+@mail.gmail.com>
     [not found]     ` <20100802201932.051e9963@catus>
2010-08-03 23:51       ` Mamadou Touré
     [not found]         ` <20100805122252.62b09f34@catus>
2010-08-07 22:36           ` Mamadou Touré

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox