[tproxy] TPROXY on ubuntu not working.
Eliezer Croitoru
eliezer at ngtech.co.il
Mon Nov 18 19:05:12 CET 2013
Hey,
Squid supports layer 2+tproxy(WCCP) and I have not got into the depth of
this code yet but WCCP clearly states that it should work in L2 which is
the mac address.
There is the side of the TPROXY interception and the non-local ip:port
binding.
There are smart and managed switches that will not like more then one ip
with the same exact MAC address..
(imagine 8096+++ IP addresses with the same exact mac for the same port
on a smart switch with L3 inspection).
Eliezer
On 18/11/13 14:09, Balazs Scheidler wrote:
> it is not dependant on MAC addresses, as it's operating on L3/L4 and not
> below.
>
> squid must enable setsockopt(IP_TRANSPARENT) on its listener socket in
> order for the TPROXY destination to find its as a potential listener.
>
> Also, make sure that routing directs the response packet back to the
> same interface. Check that via tcpdump.
More information about the tproxy
mailing list