[tproxy] tproxy4, kernel 2.6.22 and squid-2.6.stable13
KOVACS Krisztian
hidden at sch.bme.hu
Mon Nov 26 11:48:11 CET 2007
Hi,
On Mon, Nov 26, 2007 at 02:36:20PM +0800, Ming-Ching Tiew wrote:
> From: "Ming-Ching Tiew" <mingching.tiew at redtone.com>
> >
> > Sorry to contradict myself. It seems my testing was not quite
> > conclusive.
> > I will report again as soon as I have a conclusion. Please ignore my
> > previous posts.
> >
>
> OK this is my observation after modifying squid-2.6.STABLE.13 to use
> IP_FREEBIND :-
>
> 1. Transparent tproxy is working without NAT.
>
> 2. When SNAT is done in the nat table POSTROUTING chain, packets
> go out and come back using the public IP ( tcpdump confirms it );
> however, squid doesn't seem to be able to get the return packet.
>
> In the tproxy2 case, the packet goes out using a spoofed private IP and
> is hence unable to route back, but there is a patch created by
> Arun which fixes this problem.
>
> In the case of tproxy4 using IP_FREEBIND, I wonder if there is
> someone who can work on an equivalent patch.

First of all, thanks for the nice analysis. It's really helpful.
And yes, a modification of tproxy4 to support NAT is on the way -- it's
just that I did not have time to work on it in the last few weeks. But
it's certainly possible to implement NAT compatibility with tproxy4. (In a
way which is much cleaner than the modifications necessary for tproxy2.)
--
KOVACS Krisztian