[tproxy] squid, cttproxy, and a redirector script

Wayne Smith packetbl@allofmy.info
Mon, 11 Apr 2005 08:56:24 -0400


>  This seems to be the effect of a limitation of the tproxy kernel
>patch: source address faking does not work for traffic sent to
>localhost. Unfortunately I don't know of any quick fix for that problem,
>so you're left with two choices:
>
>      * you try to configure Squid so that it doesn't try to fake the
>        source address when connecting to the apache running on
>        localhost
>      * you move the apache serving the cached update files to a
>        separate machine
>
>  I don't know whether or not the first option can be done with the
>current Squid patch, but it would be a useful feature to avoid problems
>like this one.
>
>-- 
> Regards,
>  Krisztian Kovacs

Krisztian

While I started coding C about 12 years ago, that was on DOS and it didn't involve TCP sockets ;)  If I had more time and a more capable background, I'd probably try to hack squid to not spoof the IP when using the redirector, but...

I couldn't (easily or cost effectively) have the apache server outside the squid box.  So, after racking my brain (and before getting responses from the folks on the list), I came up with a simple solution in the redir.pl script:

"301:" by the URL... yep, a simple object moved.  This gets back to the client allowing it to make the necessary incoming connection.

So, if you are doing the truly transparent proxy thing and looking to use windowsupdate_cache script, you might want to modify redir.pl to include 301: with the response it gives to squid.  After around 15 hours or so of tracking and troubleshooting, a copy of vi and about 10 keystrokes would have covered it.

If I ever don't have enough sleep (and therefore forget what's currently impossible with my (lack of) coding skills), I might give making a patch for squid a try.

Thanks for all the replies back.  I hope my answer in the archives helps somebody else out.  If it does, I'd love an email to hear how other folks are faring with squid and tproxy.

Wayne, fugitive from the cubile police
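
The workaround described in the message above, sketched as a stand-alone Squid redirector; this is an added example, not part of the original post and not the windowsupdate_cache project's redir.pl. The cache base URL, the matched host and the file extensions are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: minimal Squid redirector that answers with "301:<url>".
# With the prefix, Squid sends an HTTP redirect to the client, so the client
# opens its own connection to the local Apache and Squid never has to make a
# source-spoofed connection to localhost.
use strict;
use warnings;

$| = 1;    # Squid expects exactly one reply line per request line, unbuffered

# Assumed values (hypothetical, not taken from the original post):
my $CACHE_BASE = 'http://192.0.2.10:8080/wu-cache';    # Apache serving cached files
my $MATCH_HOST = qr/(?:^|\.)windowsupdate\.com$/i;     # hosts whose downloads are cached
my $MATCH_EXT  = qr/\.(?:cab|exe|psf)$/i;              # cached file types

# Returns the reply line for one request line from Squid.
# An empty string tells Squid to leave the URL unchanged.
sub rewrite {
    my ($line) = @_;

    # Squid passes: URL client_ip/fqdn ident method
    my ($url) = split ' ', $line;
    return '' unless defined $url;

    # Split into host and path; query strings and fragments are ignored.
    my ($host, $path) = $url =~ m{^http://([^/:]+)(?::\d+)?(/[^?#]*)}i
        or return '';
    return '' unless $host =~ $MATCH_HOST && $path =~ $MATCH_EXT;

    # Only a plain file name is carried into the redirect target, so
    # "..", encoded characters and extra path segments never reach Apache.
    my ($file) = $path =~ m{/([A-Za-z0-9._-]+)$}
        or return '';
    return '' if $file =~ /\.\./;

    return "301:$CACHE_BASE/$file";
}

while (my $line = <STDIN>) {
    chomp $line;
    print rewrite($line), "\n";
}
```

Fed the constructed line `http://download.windowsupdate.com/msdownload/update/sample.cab 10.0.0.5/- - GET` on standard input, the script replies with `301:` followed by the cache URL for `sample.cab`; any request that does not match gets an empty line and passes through Squid untouched.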