# Tproxy installation



## foxrever (May 15, 2008)

hi 

I wanted to install and configure Tproxy in my Linux boxes. 
http://www.balabit.com/support/community/products/tproxy/
Those are Fedora 6 and RHEL 5.Can some body help me to install and configure my linux boxes to get activate Tproxy for squid ?

Many thanks
Mark


----------



## Compy386 (Aug 9, 2004)

Hello,

I have limited experience with squid, but I can try and help you out. Please give me some more detail about the exact problem you are having. For instance have you installed squid? Can you get squid to run at all? That sort of information would be great. 

Also let me try and make sure I understand your problem. Tell me if this is correct: You would like help setting up a transparent proxy using squid.

I will do my best to respond once you give me that info  

Good luck!


----------



## foxrever (May 15, 2008)

Hi

In our LAN everyone have access to Internet via a tunnel which is connected to squid proxy. So when someone access Internet his IP goes with the X-Forward for Header.But the external party see the proxy IP.I want to make the IP of the original client specified in the X-Forwarded for header to be appear as the client IP for all the external parties.

I want to know how to how to use tpoxy to create a bridge between squid ipdables to translate the proxy IP to the IP available in X-Forwarded-For Header.

I tried to patch using cttproxy-2.6.20-2.0.6, but didn't work.In the guide it says to run the patch script in /usr/linux but there is not such directory in our OS. OS is RHEL 5 , and i never compiled the kernel form source. 

Many Thanks
Foxrever


----------



## Compy386 (Aug 9, 2004)

Hello,

After doing some more reading it seems that you must patch the kernel sources to have tproxy support built into the kernel for starters. I suspect that the guide which told you to go to /usr/linux really just wanted you to get to the kernel source. In my particular OS that happens to be located in /usr/src/linux. Also, I should note that your OS may not have the kernel source laying around. Once you have the compiled kernel there aren't too many reasons you should need all of the source code. So if you are running precompiled kernels you may not have the source

So unless RHEL has support for tproxy already compiled into their kernel sources I think you will have to download the kernel source, apply the patch, and then build the kernel yourself. How comfortable are you with building the kernel? If you have to do it completely from scratch I imagine it would take a few hours to configure it and then between 10 and 20 minutes to compile depending on how fast your machine is. If your distro has a package manager with packages for the kernel source that is mostly configured I imagine you could get through it much faster. 

Also here is a guide I found (a Gentoo Linux guide, but most of it applies to what you are doing) which gives a bit more detail about what has to be patched: http://fuzzylab00net.blog.dada.net/post/413913/Squid-2.6-+-tproxy-+-bridge-+-gentoo.html

Let me know if that helps  I am happy to help you with the kernel configuration if that is what you need to do. 

Good luck!


----------

