[tproxy] tproxy4, kernel 2.6.22 and squid-2.6.stable13
Ming-Ching Tiew
mingching.tiew at redtone.com
Thu Dec 6 03:11:05 CET 2007
From: "KOVACS Krisztian" <hidden at sch.bme.hu>
>
> Could you try if applying the attached patch on top of 4.0.3 helps you
> with SNAT? (The patch is completely untested but at the moment I can't do
> any testing.)
>
I have got more conclusive testing results now after doing
further isolation of the problem :-
1. The packet path for SNAT works now.
2. The packet path without SNAT has problem working together
with 'mangle' table OUTPUT chain ( maybe also with other chains
in the mangle table as well).
It happens that I have iptables command which mark the packets
on the OUTPUT chain, then squid will fail to work. If I flush the
entire OUTPUT chain in the mangle table, then squid will work.
However I am doing policy routing, I hope to use the fwmark
to route the packets accordingly.
I guess it is because tproxy is sharing the mark values with all
other packet mark and as soon as something else is making a mark,
it will mess up tproxy ?
Regards
More information about the tproxy
mailing list