[tproxy] tproxy4, kernel 2.6.22 and squid-2.6.stable13

KOVACS Krisztian hidden at sch.bme.hu
Mon Nov 26 11:48:11 CET 2007


On Mon, Nov 26, 2007 at 02:36:20PM +0800, Ming-Ching Tiew wrote:
> From: "Ming-Ching Tiew" <mingching.tiew at redtone.com>
> >
> > Sorry to contradict my ownself. It seems my testing was not quite
> > conclusive.
> > I will report again as soon as I have conclusion. Please ignore my
> previous
> > posts.
> >
> OK this is my observation after modifying squid-2.6.STABLE.13 to use
> 1. Transparent tproxy is working without NAT.
> 2. When SNAT is done in the nat table POSTROUTING chain, packets
>     goes out and comes back using public IP ( tcpdump confirms it )
>     however, squid don't seem to be able to get the return packet.
>     In the tproxy2 case, the packet goes out using spoofed private IP and
>     hence unable to route back but there is a patch created by
>     Arun which fixes this problem.
>     In the case of tproxy4 using IP_FREEBIND, I wonder if there is
>     someone who can work on an equivalent patch.

First of all, thanks for the nice analysis. It's really helpful.

And yes, a modification of tproxy4 to support NAT is in the way -- it's
just that I did not have time to work on it in the last few weeks. But
it's certainly possible to implement NAT compatibility with tproxy4. (In a
way which is much cleaner than the modifications necessary for tproxy2.)

KOVACS Krisztian

More information about the tproxy mailing list