[tproxy] Clarification on tproxy4 usage
mingching.tiew at redtone.com
Thu Aug 28 00:41:36 CEST 2008
Arun Srinivasan wrote:
> Thanks for the quick response.
> Yes... the interface name is a typo and it is eth1.
> Well, as you said, I killed Squid and did what you said. I could see
> the pkts getting SNATted.
> Also I don't see any issues with routing/iptables as the setup for
> normal HTTP interception (no tproxy in squid.conf) works fine.
> There is also another observation. With tproxy enabled, I could not
> even connect to a cache_peer that is running on the same host (UML 2).
> i.e., the Squid is configured to connect to another proxy that runs on
> the same UML 2. But it fails. However, with tproxy disabled, this case
> also works fine.
> Any thoughts?
I hope you will not be offended during this troubleshooting
thingie for an experienced person like you; however, I am trying
to rule out every possibility here:
Did you flush your routing cache when you started without
SNAT and then later you added SNAT? (Most kernels are
compiled to use cached route!)
Also, what is your iptables policy? Perhaps it's a good idea to keep
policy to ACCEPT in this testing stage. (Likely that you have
already done so.)