[tproxy] New challenge: a design issue

KOVACS Krisztian hidden at sch.bme.hu
Mon Dec 17 15:19:55 CET 2007


On Thu, Dec 13, 2007 at 02:24:53PM +0800, Ming-Ching Tiew wrote:
> From: "Ming-Ching Tiew" <mingching.tiew at redtone.com>
> > However, in tproxy4 this feature cannot coexist with
> > early spoofing. Either I use squid's tcp_outgoing_address
> > or I used the spoof-ed sender address. And for tproxy users, 
> > spoofing sender address is more important, and therefore 
> > there is no way to use squid's ACL to influence the outgoing 
> > path. All outgoing path decisions will have to be made 
> > external to squid then.
> I think I will work around this problem using TOS then,
> since squid support TOS setting, ie all tcp_outgoing_address
> settings will be ignored and squid will incluence the external
> route using TOS setttings.

Yes, this is clearly the way to go.

KOVACS Krisztian

More information about the tproxy mailing list