[tproxy] tproxy4, kernel 2.6.22 and squid-2.6.stable13

Ming-Ching Tiew mingching.tiew at redtone.com
Fri Nov 23 02:59:53 CET 2007


From: Laszlo Attila Toth

>
> basically you don't need that whole code, only the IP_FREEBIND as you
> did, plus a bind() call with the address itp.v.addr.faddr.s_addr, port
> itp.v.addr.fport.
>
Just want to mention that the problem is fixed by doing a bind after
setsockopt(....IP_FREEBIND... ).

There are some minor changes in behavior  as compared to tproxy2, but
overall I would think that the tproxy4 behaviour might be considered more
correct !


1. nat SNAT works. It does not require any further patches.

2. squid.conf directive 'tproxy' has no impact anymore.

    Squid will spoof or not spoof based on whether it gets the redirected
    traffic from tproxy table or otherwise, ie if it gets the traffic from
nat
    REDIRECT, then there will be no spoofing.

    Previously squid will spoof the source IP if the directive 'tproxy' has
    been configured, regardless of whether it gets the traffic from tproxy
    or nat REDIRECT.




More information about the tproxy mailing list