[tproxy] squid, cttproxy, and a redirector script

Wayne Smith packetbl@allofmy.info
Tue, 5 Apr 2005 15:40:32 -0400

Sorry for the self follow up, but a little more info

The workstation that is doing the requesting ends up receiving packets with syn/ack set.  The workstation that did the requesting never actually creates an initial syn packet to the apache server (squid was doing that in its behalf after getting the response from the redirector script).

What type of packet mangling is required to have the locally produced (but spoofed) syn from squid get its response to occur locally?

Again, I'm hoping I have the right forum.  It's a patched kernel to allow the truly transparent proxy, but it's also a hacked squid to take advantage of that functionality.  As far as I can tell, squid is doing its job making the connection to apache, but the reply ends up going out the NIC to the workstation instead of being grabbed and thrown back to squid.

Any help appreciated.