Feature #15628
openFeature request: Squid 6.6 TPROXY directive GUI option
0%
Description
Hello fellow redmine community members.
In the older release of squid in 5.8 we could enable tproxy by just changing the HTTP port directives. This is no longer the case with squid 6.6. It must be enabled different way. I’ve learned.
Per squid email support…
TPROXY support has to be enabled by using Squid ./configure parameters
On 2024-07-18 00:25, Jonathan Lee wrote:
How do we enable tproxy in Squid
2024/07/17 21:22:41| Processing: http_port 127.0.0.1:3128 tproxy ...
...
2024/07/17 21:22:41| ERROR: configuration failure: requires TPROXY feature to be enabled by ./configure
As strongly implied by the error message, TPROXY support has to be enabled by using Squid ./configure parameters (among other things). Running ./configure --help does not, unfortunately, contain the word "TPROXY", but searching for "proxy" reveals the following relevant ./configure options:
--enable-ipfw-transparent
Enable Transparent Proxy support for systems using
FreeBSD IPFW-style firewalling.
--enable-ipf-transparent
Enable Transparent Proxy support using
IPFilter-style firewalling
--enable-pf-transparent Enable Transparent Proxy support for systems using
PF network address redirection.
--enable-linux-netfilter
Enable Transparent Proxy support for Linux
(Netfilter)
Show Quoted Content
--enable-ipfw-transparent
Enable Transparent Proxy support for systems using
FreeBSD IPFW-style firewalling.
--enable-ipf-transparent
Enable Transparent Proxy support using
IPFilter-style firewalling
--enable-pf-transparent Enable Transparent Proxy support for systems using
PF network address redirection.
--enable-linux-netfilter
Enable Transparent Proxy support for Linux
(Netfilter)
Pick the one matching your environment and check ./configure output for relevant lines, while keeping in mind that Squid still has a lot of text inconsistencies (e.g., "TPROXY" vs. "tproxy" vs. "Transparent Proxy" vs. "transparent proxying") that require relaxed searching rules. For example:
FreeBSD IPFW-based transparent proxying enabled: no
IPF-based transparent proxying requested: no
PF-based transparent proxying requested: no
IPF-based transparent proxying enabled: no
Searching squid.conf.documented for similar terms may be useful as well.
HTH,
Alex.
Tproxy was never an option on the older package GUI that is included in pfSense but functions. What it does is it mimics the IP address or spoofs it during Traversal of the proxy thus further concealing the proxy and making it more effective. This would be a great feature to add to the pfSense GUI. Again, the Tproxy directive could be enabled and functioned in the squid package 5.8 By manually adapting the squid.conf file.
This is a feature of http_port directive you would replace intercept with keyword tproxy.
No data to display