From: Laszlo Attila Toth
basically you don't need that whole code, only the IP_FREEBIND as you did, plus a bind() call with the address itp.v.addr.faddr.s_addr, port itp.v.addr.fport.
Just want to mention that the problem is fixed by doing a bind after setsockopt(....IP_FREEBIND... ). There are some minor changes in behavior as compared to tproxy2, but overall I would think that the tproxy4 behaviour might be considered more correct ! 1. nat SNAT works. It does not require any further patches. 2. squid.conf directive 'tproxy' has no impact anymore. Squid will spoof or not spoof based on whether it gets the redirected traffic from tproxy table or otherwise, ie if it gets the traffic from nat REDIRECT, then there will be no spoofing. Previously squid will spoof the source IP if the directive 'tproxy' has been configured, regardless of whether it gets the traffic from tproxy or nat REDIRECT.