[tproxy] tproxy Digest, Vol 38, Issue 10
Rajesh Yadav
rajesh at icanconnect.com
Fri Aug 29 12:08:04 CEST 2008
Hi -
With all my time I spend on tproxy ... I finally understood one thing clear,
it works fine upto a certain level only in bridge mode. Any other way
(snate,nat,routed) you try ... its unstable. I hve tried it from 2.4 - 2.6
kernel version every where it's the same.
Regards
Rajesh
-----Original Message-----
From: tproxy-bounces at lists.balabit.hu
[mailto:tproxy-bounces at lists.balabit.hu] On Behalf Of
tproxy-request at lists.balabit.hu
Sent: Friday, August 29, 2008 03:30
To: tproxy at lists.balabit.hu
Subject: tproxy Digest, Vol 38, Issue 10
Send tproxy mailing list submissions to
tproxy at lists.balabit.hu
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.balabit.hu/mailman/listinfo/tproxy
or, via email, send a message with subject or body 'help' to
tproxy-request at lists.balabit.hu
You can reach the person managing the list at
tproxy-owner at lists.balabit.hu
When replying, please edit your Subject line so it is more specific
than "Re: Contents of tproxy digest..."
Today's Topics:
1. Re: Clarification on tproxy4 usage (Arun Srinivasan)
2. Re: Clarification on tproxy4 usage (Ming-Ching Tiew)
----------------------------------------------------------------------
Message: 1
Date: Thu, 28 Aug 2008 21:59:48 +0530
From: "Arun Srinivasan" <hi2arun at gmail.com>
Subject: Re: [tproxy] Clarification on tproxy4 usage
To: "Ming-Ching Tiew" <mingching.tiew at redtone.com>
Cc: Tproxy <tproxy at lists.balabit.hu>
Message-ID:
<d9bf4d8c0808280929h31db713frdec717a6e0c8d0a3 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
I did clear the cache and verified. Also all my iptables policies are
ACCEPT by default. However no luck.
Btw, could you tell me the latest version of tproxy and iptables that
you have verified. So that I could give a shot at it.
Thank you.
2008/8/28 Ming-Ching Tiew <mingching.tiew at redtone.com>:
> Arun Srinivasan wrote:
>> Thanks for the quick response.
>>
>> Yes... the interface name is a typo and it is eth1.
>>
>> Well, as you said, I killed Squid and did what you said. I could see
>> the pkts getting SNATted.
>>
>> Also I don't see any issues with routing/iptables as the setup for
>> normal HTTP interception (no tproxy in squid.conf) works fine.
>>
>> There is also another observation. With tproxy enabled, I could not
>> even connect to a cache_peer that is running on the same host (UML 2).
>> i.e., The squid is configured to connect to another proxy that runs on
>> the same UML 2. But it fails. However, with tproxy disabled, this case
>> also works fine.
>>
>> Any thoughts?
>>
>>
>
> I hope you will not be offended during this troubleshooting
> thingie for an experienced person like you however I am trying
> to rule out every possibility here :-
>
> Did you flush your routing cache when you started without
> SNAT and then later you added SNAT ? ( Most kernels are
> compiled to use cached route ! ).
>
> Also what is your iptables policy - perhaps it's good idea to keep
> policy to ACCEPT in this testing stage. ( Likely that you have
> already done so ).
>
> Regards.
>
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>
--
Regards,
Arun S.
------------------------------
Message: 2
Date: Fri, 29 Aug 2008 05:50:03 +0800
From: Ming-Ching Tiew <mingching.tiew at redtone.com>
Subject: Re: [tproxy] Clarification on tproxy4 usage
To: Tproxy <tproxy at lists.balabit.hu>
Message-ID: <48B71D8B.10209 at redtone.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Arun Srinivasan wrote:
> I did clear the cache and verified. Also all my iptables policies are
> ACCEPT by default. However no luck.
>
> Btw, could you tell me the latest version of tproxy and iptables that
> you have verified. So that I could give a shot at it.
>
> Thank you.
>
>
/I used iptables-tproxy-200710091749.diff and
tproxy-kernel-2.6.25-20080519-165031-1211208631.tar.bz2
/
------------------------------
_______________________________________________
tproxy mailing list
tproxy at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy
End of tproxy Digest, Vol 38, Issue 10
**************************************
More information about the tproxy
mailing list