Arun Srinivasan wrote:
Scenario 2: Now I am going to add a SNAT rule on UML 2 to SNAT traffic out through eth1 with src IP 100.100.200.2. Say,

    iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 80 -j SNAT --to 100.100.200.2

In this case, the traffic is not hitting the rule that is added.
However, if I remove tproxy related configuration from the UML and Squid, the traffic hits the rule like a charm.

Firstly, I suppose this is just a typo; eth2 is supposed to be eth1?

    iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 80 -j SNAT --to 100.100.200.2

Secondly, I would like to make a suggestion for the testing. Perhaps you could just keep your existing rules but kill squid, issue the HTTP requests from UML2, and do some sniffing on eth1. This is a simplified test, yet it represents how squid would perform an HTTP request on behalf of the client. This test will verify whether there is any problem with iptables or routing. By right you should see that the SNAT rule is traversed.

Cheers
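
One way to confirm whether the SNAT rule is traversed during the test suggested above, added here as an example and not part of the original thread: compare the per-rule counters in `iptables-save -c -t nat` output taken before and after the requests. The function names and the sample dumps (interface and counter values) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect whether a POSTROUTING SNAT rule
# was traversed by comparing `iptables-save -c -t nat` dumps taken before and
# after the test requests. Function names here are hypothetical.

# snat_hits TO_ADDR   (iptables-save -c output on stdin)
# Prints "<out-iface> <packets>" for each POSTROUTING SNAT rule to TO_ADDR.
snat_hits() {
    awk -v to="$1" '
        /^\[[0-9]+:[0-9]+\] -A POSTROUTING / {
            snat = 0; addr = ""; oif = "any"
            for (i = 1; i < NF; i++) {
                if ($i == "-o") oif = $(i + 1)
                if ($i == "-j" && $(i + 1) == "SNAT") snat = 1
                if ($i == "--to-source" || $i == "--to") addr = $(i + 1)
            }
            if (snat && addr == to) {
                split(substr($1, 2), c, ":")    # "[pkts:bytes]" -> c[1] = pkts
                print oif, c[1]
            }
        }'
}

# rule_traversed BEFORE AFTER TO_ADDR
# Succeeds if the summed packet counter of the matching rules increased.
# The nat table only sees the first packet of each connection, so the counter
# grows by one per new connection, not per packet.
rule_traversed() {
    b=$(printf '%s\n' "$1" | snat_hits "$3" | awk '{s += $2} END {print s + 0}')
    a=$(printf '%s\n' "$2" | snat_hits "$3" | awk '{s += $2} END {print s + 0}')
    [ "$a" -gt "$b" ]
}

# Constructed sample dumps (interface and counter values are assumptions).
BEFORE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [14:840]
[0:0] -A POSTROUTING -o eth1 -p tcp -m tcp --dport 80 -j SNAT --to-source 100.100.200.2
COMMIT'
AFTER='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [14:840]
[3:180] -A POSTROUTING -o eth1 -p tcp -m tcp --dport 80 -j SNAT --to-source 100.100.200.2
COMMIT'

# Live use, as root:
#   before=$(iptables-save -c -t nat)   # then send the HTTP requests
#   after=$(iptables-save -c -t nat)
#   rule_traversed "$before" "$after" 100.100.200.2 && echo "SNAT rule traversed"
```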