[tproxy] tproxy4, kernel 2.6.22 and squid-2.6.stable13
Ming-Ching Tiew
mingching.tiew at redtone.com
Fri Nov 23 02:59:53 CET 2007
From: Laszlo Attila Toth
>
> basically you don't need that whole code, only the IP_FREEBIND as you
> did, plus a bind() call with the address itp.v.addr.faddr.s_addr, port
> itp.v.addr.fport.
>
Just want to mention that the problem is fixed by doing a bind after
setsockopt(....IP_FREEBIND... ).
There are some minor changes in behavior as compared to tproxy2, but
overall I would think that the tproxy4 behaviour might be considered more
correct !
1. nat SNAT works. It does not require any further patches.
2. squid.conf directive 'tproxy' has no impact anymore.
Squid will spoof or not spoof based on whether it gets the redirected
traffic from tproxy table or otherwise, ie if it gets the traffic from
nat
REDIRECT, then there will be no spoofing.
Previously squid will spoof the source IP if the directive 'tproxy' has
been configured, regardless of whether it gets the traffic from tproxy
or nat REDIRECT.
More information about the tproxy
mailing list