[tproxy] Clarification on tproxy4 usage

Ming-Ching Tiew mingching.tiew at redtone.com
Thu Aug 28 00:41:36 CEST 2008

Arun Srinivasan wrote:
> Thanks for the quick response.
> Yes... the interface name is a typo and it is eth1.
> Well, as you said, I killed Squid and did what you said. I could see
> the pkts getting SNATted.
> Also I don't see any issues with routing/iptables as the setup for
> normal HTTP interception (no tproxy in squid.conf) works fine.
> There is also another observation. With tproxy enabled, I could not
> even connect to a cache_peer that is running on the same host (UML 2).
> i.e., The squid is configured to connect to another proxy that runs on
> the same UML 2. But it fails. However, with tproxy disabled, this case
> also works fine.
> Any thoughts?

I hope you will not be offended during this troubleshooting
thingie for an experienced person like you; however, I am trying
to rule out every possibility here:

Did you flush your routing cache when you started without
SNAT and then later you added SNAT? (Most kernels are
compiled to use cached routes!)

Also, what is your iptables policy? Perhaps it's a good idea to keep
the policy at ACCEPT in this testing stage. (Likely that you have
already done so.)

