Re: What packages are needed in order to run squid in forward proxy, intercept proxy and TPROXY?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 28 Dec 2013 17:41:19 +1300

On 28/12/2013 10:21 a.m., Eliezer Croitoru wrote:
> I do see at the configure the output:
> configure: Using epoll for the IO loop.
> checking if setresuid is actually implemented... yes
> checking for constant CMSG_SPACE... yes
> checking if strnstr is well implemented... no
> checking if va_copy is implemented... yes
> checking if __va_copy is implemented... yes
> configure: IPF-based transparent proxying enabled: no
> configure: Support for Netfilter-based interception proxy requested: yes
> configure: WARNING: Missing needed capabilities (libcap 2.09+) for TPROXY
> configure: WARNING: Linux Transparent Proxy (version 4+) support WILL
> NOT be enabled
> configure: WARNING: Reduced support to NAT Interception Proxy
> configure: Linux Netfilter Conntrack support enabled: no
> configure: ZPH QOS enabled: yes
> configure: QOS netfilter mark preservation enabled: no
>
>
> But there is no basic representation that I can see now about Netfilter
> intercept support or ipv6 level support in some levels.

Netfilter is not the problem. libcap is not found.

> I do not see any direct relationship between Netfilter basic
> features\support and NAT interception to Linux Netfilter Conntrack yet.
> If there is some connection between them I would be very happy to make
> sure I understand what exactly.

Netfilter supports NAT without anything special required.

When TPROXY has missing dependencies the admin is restricted to only the
intercept/NAT abilities of Squid. The TPROXY settings will not work even
though Squid will build.

>
> Basic squid would be a forward proxy for simple and small networks.
> If the proxy was meant to do Interception it should be better being
> compiled manually and tested before real implementation.
>
> The build-node information at:
> http://wiki.squid-cache.org/BuildFarm/CentosInstall
>
> Only supports a basic build of the proxy software for enterprises, with
> these packages:
> yum install libxml2 expat-devel openssl-devel libcap ccache
> libtool-ltdl-devel cppunit cppunit-devel bzr autoconf automake libtool
> clang gcc-c++ perl-Pod-MinimumVersion bzip2 ed make openldap-devel
> pam-devel db4-devel libxml2-devel libcap-devel
>
> The wiki also contains:
> http://wiki.squid-cache.org/KnowledgeBase/CentOS
>
> Which declares that the needed packages are:
> yum install -y perl gcc autoconf automake make sudo wget
> # and some extra packages
> yum install libxml2-devel libcap-devel

This appears not to have been done, or something else is breaking Squid
detection of the library.

> # to bootstrap and build from bzr needs also the packages
> yum install libtool-ltdl-devel
>
> For now on 6.5 there is a need also for the package:
> gcc-c++

Thank you.

Amos
Received on Sat Dec 28 2013 - 04:41:29 MST
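
A build gate for the situation described in the reply above, where Squid still builds but TPROXY is unavailable. This is an added example, not part of the original thread or the Squid project: the function names are hypothetical, only the configure messages quoted in the thread are matched, and the absence of a warning is assumed to mean the feature is available.

```shell
#!/bin/sh
# Added example: classify a Squid ./configure log using only the message
# texts quoted in this thread. Absence of a warning is reported as "ok",
# which is an assumption, not a confirmed success message.

# Reads a configure log on stdin and prints:
#   tproxy=<ok|disabled|not-requested> nat=<ok|reduced|not-requested> libcap=<ok|missing>
squid_intercept_report() {
    # Drop mail quote markers, then flatten so wrapped warnings still match.
    flat=$(sed 's/^>[ ]*//' | tr '\r\n\t' '   ' | tr -s ' ')
    tproxy=ok; nat=ok; libcap=ok
    case $flat in *"Missing needed capabilities (libcap"*) libcap=missing ;; esac
    case $flat in *"Transparent Proxy (version 4+) support WILL NOT be enabled"*)
        tproxy=disabled ;; esac
    case $flat in *"Reduced support to NAT Interception Proxy"*) nat=reduced ;; esac
    case $flat in
        *"Netfilter-based interception proxy requested: yes"*) ;;
        *) tproxy=not-requested; nat=not-requested ;;
    esac
    printf 'tproxy=%s nat=%s libcap=%s\n' "$tproxy" "$nat" "$libcap"
}

# Exit status 0 only when the log shows a TPROXY-capable build; use as a build gate.
squid_require_tproxy() {
    case $(squid_intercept_report) in "tproxy=ok "*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: the warning lines from the configure output quoted above.
SAMPLE_DEGRADED='configure: Support for Netfilter-based interception proxy requested: yes
configure: WARNING: Missing needed capabilities (libcap 2.09+) for TPROXY
configure: WARNING: Linux Transparent Proxy (version 4+) support WILL
NOT be enabled
configure: WARNING: Reduced support to NAT Interception Proxy'

printf '%s\n' "$SAMPLE_DEGRADED" | squid_intercept_report
```

Piping the real configure output into `squid_require_tproxy` lets a packaging job stop before it ships a binary whose TPROXY settings will not work.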
