<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16674" name=GENERATOR></HEAD>
<BODY>
<DIV><SPAN class=378253916-21072008><FONT face=Arial size=2>I
have two quick question about the old cttproxy
patches:</FONT></SPAN></DIV>
<DIV><SPAN class=378253916-21072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=378253916-21072008><FONT face=Arial size=2>1) is "echo 1 >
/proc/sys/net/ipv4/ip_nonlocal_bind" needed?</FONT></SPAN></DIV>
<DIV><SPAN class=378253916-21072008><FONT face=Arial size=2>2) is only one
iptables rule needed? I am using : "iptables -t tproxy -A PREROUTING -s
10.48.1.0/16 -p tcp -m tcp --dport 80 -j TPROXY --on-port 80 --on-ip 0.0.0.0"
and it is not working. I still see the ip of the squid box, and not the original
client. It seems as though the problem is in iptables somewhere. I am using this
as part of a L3/L4 WCCP/Squid setup and not a bridging
solution.</FONT></SPAN></DIV>
<DIV><SPAN class=378253916-21072008><FONT face=Arial
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=378253916-21072008><FONT face=Arial size=2>I have looked at
multiple tproxy howtos...only one worked, and it was a bridging solution on
Debian. But I am not using Debian, and I can't use a bridging
solution.</FONT></SPAN></DIV></BODY></HTML>