Hey, Squid supports layer 2+tproxy(WCCP) and I have not got into the depth of this code yet but WCCP clearly states that it should work in L2 which is the mac address. There is the side of the TPROXY interception and the non-local ip:port binding. There are smart and managed switches that will not like more then one ip with the same exact MAC address.. (imagine 8096+++ IP addresses with the same exact mac for the same port on a smart switch with L3 inspection). Eliezer On 18/11/13 14:09, Balazs Scheidler wrote:
it is not dependant on MAC addresses, as it's operating on L3/L4 and not below.
squid must enable setsockopt(IP_TRANSPARENT) on its listener socket in order for the TPROXY destination to find its as a potential listener.
Also, make sure that routing directs the response packet back to the same interface. Check that via tcpdump.