Project

General

Profile

Actions

Feature #15628

open

Feature request: Squid 6.6 TPROXY directive GUI option

Added by Jonathan Lee 5 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Squid
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Hello fellow redmine community members.

In the older release of squid in 5.8 we could enable tproxy by just changing the HTTP port directives. This is no longer the case with squid 6.6. It must be enabled different way. I’ve learned.

Per squid email support…

TPROXY support has to be enabled by using Squid ./configure parameters

On 2024-07-18 00:25, Jonathan Lee wrote:
How do we enable tproxy in Squid

2024/07/17 21:22:41| Processing: http_port 127.0.0.1:3128 tproxy ...
...
2024/07/17 21:22:41| ERROR: configuration failure: requires TPROXY feature to be enabled by ./configure

As strongly implied by the error message, TPROXY support has to be enabled by using Squid ./configure parameters (among other things). Running ./configure --help does not, unfortunately, contain the word "TPROXY", but searching for "proxy" reveals the following relevant ./configure options:

--enable-ipfw-transparent
Enable Transparent Proxy support for systems using
FreeBSD IPFW-style firewalling.
--enable-ipf-transparent
Enable Transparent Proxy support using
IPFilter-style firewalling
--enable-pf-transparent Enable Transparent Proxy support for systems using
PF network address redirection.
--enable-linux-netfilter
Enable Transparent Proxy support for Linux
(Netfilter)
Show Quoted Content
--enable-ipfw-transparent
Enable Transparent Proxy support for systems using
FreeBSD IPFW-style firewalling.
--enable-ipf-transparent
Enable Transparent Proxy support using
IPFilter-style firewalling
--enable-pf-transparent Enable Transparent Proxy support for systems using
PF network address redirection.
--enable-linux-netfilter
Enable Transparent Proxy support for Linux
(Netfilter)

Pick the one matching your environment and check ./configure output for relevant lines, while keeping in mind that Squid still has a lot of text inconsistencies (e.g., "TPROXY" vs. "tproxy" vs. "Transparent Proxy" vs. "transparent proxying") that require relaxed searching rules. For example:

FreeBSD IPFW-based transparent proxying enabled: no
IPF-based transparent proxying requested: no
PF-based transparent proxying requested: no
IPF-based transparent proxying enabled: no

Searching squid.conf.documented for similar terms may be useful as well.

HTH,

Alex.

Tproxy was never an option on the older package GUI that is included in pfSense but functions. What it does is it mimics the IP address or spoofs it during Traversal of the proxy thus further concealing the proxy and making it more effective. This would be a great feature to add to the pfSense GUI. Again, the Tproxy directive could be enabled and functioned in the squid package 5.8 By manually adapting the squid.conf file.

This is a feature of http_port directive you would replace intercept with keyword tproxy.

No data to display

Actions

Also available in: Atom PDF