Hi,

On Mon, Nov 26, 2007 at 02:36:20PM +0800, Ming-Ching Tiew wrote:
From: "Ming-Ching Tiew" <mingching.tiew@redtone.com>
Sorry to contradict myself. It seems my testing was not quite conclusive. I will report again as soon as I have a conclusion. Please ignore my previous posts.
OK this is my observation after modifying squid-2.6.STABLE.13 to use IP_FREEBIND :-
1. Transparent tproxy is working without NAT.
2. When SNAT is done in the nat table POSTROUTING chain, packets go out and come back using the public IP (tcpdump confirms it); however, squid doesn't seem to be able to get the return packet.
In the tproxy2 case, the packet goes out using the spoofed private IP and hence is unable to route back, but there is a patch created by Arun which fixes this problem.
In the case of tproxy4 using IP_FREEBIND, I wonder if there is someone who can work on an equivalent patch.

First of all, thanks for the nice analysis. It's really helpful.

And yes, a modification of tproxy4 to support NAT is on the way -- it's just that I did not have time to work on it in the last few weeks. But it's certainly possible to implement NAT compatibility with tproxy4. (In a way which is much cleaner than the modifications necessary for tproxy2.)

--
KOVACS Krisztian