[tproxy] TPROXY on ubuntu not working.

Balazs Scheidler bazsi at balabit.hu
Mon Nov 18 13:09:40 CET 2013


On Sun, 2013-11-17 at 16:58 +0200, Eliezer Croitoru wrote:
> Hey,
> 
> In case it's related in a way to squid, you can pop by squid-users.
> I think you might get some more answers about it.
> 
> Also this article can maybe sort out a couple of things (if it was not until now)
> http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
> 
> Eliezer
> 
> On 27/08/13 00:01, yash cp wrote:
> > Hello Team,
> >
> > I am trying to configure and use TPROXY as given in the link.
> > http://wiki.squid-cache.org/Features/Tproxy4
> >
> > My setup includes : A Ubuntu machine with one Network card, but two IP
> > addresses ( one of which is virtual or Alias)
> >
> > Real IP: 192.168.150.10 -- ( interface to the internet)
> > Virtual IP : 192.168.22.5 -- ( interface to the subnet 192.168.22.0/24)
> >
> > Both the IP's have the same MAC address.
> >
> > When the client( 192.168.22.10)  sends connection request, it's forwarded
> > to the other port 50001 (Checked with the logs).
> > But the proxy is not responding with SYN-ACK , as a result the
> > connection is not established.
> >
> > I don't know about the internals of the TPROXY. Does it work with
> > matching using IP address and port or with MAC address.
> > Is TPROXY not supported in this scenario?
> >

It is not dependent on MAC addresses, as it's operating on L3/L4 and not
below.

squid must enable setsockopt(IP_TRANSPARENT) on its listener socket in
order for the TPROXY destination to find it as a potential listener.

Also, make sure that routing directs the response packet back to the
same interface. Check that via tcpdump.

-- 
Bazsi



