[tproxy] Clarification on tproxy4 usage
Arun Srinivasan
hi2arun at gmail.com
Thu Aug 28 18:29:48 CEST 2008
I did clear the cache and verified. Also all my iptables policies are
ACCEPT by default. However no luck.
Btw, could you tell me the latest version of tproxy and iptables that
you have verified. So that I could give a shot at it.
Thank you.
2008/8/28 Ming-Ching Tiew <mingching.tiew at redtone.com>:
> Arun Srinivasan wrote:
>> Thanks for the quick response.
>>
>> Yes... the interface name is a typo and it is eth1.
>>
>> Well, as you said, I killed Squid and did what you said. I could see
>> the pkts getting SNATted.
>>
>> Also I don't see any issues with routing/iptables as the setup for
>> normal HTTP interception (no tproxy in squid.conf) works fine.
>>
>> There is also another observation. With tproxy enabled, I could not
>> even connect to a cache_peer that is running on the same host (UML 2).
>> i.e., The squid is configured to connect to another proxy that runs on
>> the same UML 2. But it fails. However, with tproxy disabled, this case
>> also works fine.
>>
>> Any thoughts?
>>
>>
>
> I hope you will not be offended during this troubleshooting
> thingie for an experienced person like you however I am trying
> to rule out every possibility here :-
>
> Did you flush your routing cache when you started without
> SNAT and then later you added SNAT ? ( Most kernels are
> compiled to use cached route ! ).
>
> Also what is your iptables policy - perhaps it's good idea to keep
> policy to ACCEPT in this testing stage. ( Likely that you have
> already done so ).
>
> Regards.
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>
--
Regards,
Arun S.
More information about the tproxy
mailing list