[tproxy] SQUID+TPROXY for asymmetric routes

John Lauro john.lauro at covenanteyes.com
Wed Sep 18 14:24:35 CEST 2013


That could be useful for matching flow records / auditing, but for your case it doesn't matter, even if the ports were kept the same the sequence numbers would get off and the stream would break as soon as something is/isn't in the cache (probably sooner from header changes).  The connection must be terminated on the TPROXY box.

Two options:
  1. Have TPROXY resend the requests with its IP instead of keeping the client IP.  As the client IP is on a private net anyway (10.10.175.111), might as well; there is little reason to try to preserve a private IP, and you will have private IP logs from SQUID...
  2. Have router2 route the opposite direction back through TPROXY as router1 did.  I.e.: if router1 is routing destination port 80 via TPROXY, have router2 route source port 80 via TPROXY also.



----- Original Message -----
> From: "Henry Pootel" <Henry.Pootel at regall.net>
> To: tproxy at lists.balabit.hu
> Sent: Wednesday, September 18, 2013 5:45:53 AM
> Subject: [tproxy] SQUID+TPROXY for asymmetric routes
> 
> Hello.
> 
> I've a scheme
> 
> +--------+      +---------+        +---------+      +-----+
> | client |------| router1 |--------| router2 |------| web |
> +--------+      +----+----+        +----+----+      +-----+
>                       |                  |
>                       |                  |
>                       |   +--------+     |
>                       +---| TPROXY |-----+
>                           +--------+
> 
> 
> client IP: 10.10.175.111
> web IP: 5.5.5.5
> 
> The routing is asymmetric.
> Packets from "client" to "web" go through TPROXY, but packets from
> "web" go directly through "router2" and "router1".
> 
> The "TPROXY" is an OpenSuSE 12.3 linux computer with Squid 3.2.11 and
> TPROXY v4.1.0 with kernel Linux 3.7.10-1.16-default.
> 
> I've attached a diff of tshark dumps of client outgoing and web
> incoming traffic.
> My problem is a changing source port on "TPROXY".
> 
> May the source port be changed by squid+tproxy? Can I forbid it
> and keep the client's
> source port as well as the client's IP?
> 
> 
> Thanks,
> Henry
> 
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
> 


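Added example, not part of the thread above: what option 2 from the reply looks like on router2 when the routers are Linux hosts with iptables and iproute2 (an assumption; the thread never says what router1 and router2 are). Router1 already sends destination-port-80 traffic to the TPROXY box; this script mirrors that on router2 for the return path, so replies from web (source port 80) bound for the client subnet are policy-routed to the TPROXY box instead of straight to router1. The next-hop address 192.0.2.2, the mark value, the routing table number and the /24 for the client subnet are all assumptions chosen for the example; only 10.10.175.111 comes from the thread. Without `--apply` the script prints the commands it would run instead of executing them.

```shell
#!/bin/sh
# Added example: return-path policy routing on router2 (Linux, iptables + iproute2 assumed).
# Mirrors what router1 does for dst port 80, but for src port 80 replies from the web server,
# so both halves of the TCP stream pass through the box that terminates the connection.

TPROXY_NEXT_HOP="${TPROXY_NEXT_HOP:-192.0.2.2}"  # hypothetical: TPROXY box's address on router2's link
CLIENT_NET="${CLIENT_NET:-10.10.175.0/24}"      # client subnet; /24 assumed around 10.10.175.111
FWMARK="${FWMARK:-0x1}"                          # assumed mark value, must not collide with existing marks
RT_TABLE="${RT_TABLE:-100}"                      # assumed policy-routing table number

# Print commands instead of running them unless explicitly asked to apply.
[ "${1:-}" = "--apply" ] || DRY_RUN=1

run() {
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Replies from the web server (TCP source port 80) heading for the client
# subnet get a firewall mark in PREROUTING; marked packets use a separate
# routing table whose route for the client subnet points at the TPROXY box.
# Everything else keeps the normal (direct) route via router1.
router2_return_path() {
  run iptables -t mangle -A PREROUTING -p tcp --sport 80 -d "$CLIENT_NET" -j MARK --set-mark "$FWMARK"
  run ip rule add fwmark "$FWMARK" lookup "$RT_TABLE"
  run ip route add "$CLIENT_NET" via "$TPROXY_NEXT_HOP" table "$RT_TABLE"
}

# Undo in reverse order, for rollback or testing.
router2_return_path_remove() {
  run ip route del "$CLIENT_NET" via "$TPROXY_NEXT_HOP" table "$RT_TABLE"
  run ip rule del fwmark "$FWMARK" lookup "$RT_TABLE"
  run iptables -t mangle -D PREROUTING -p tcp --sport 80 -d "$CLIENT_NET" -j MARK --set-mark "$FWMARK"
}

router2_return_path
```

Run as `sh router2-return-path.sh` to review the commands, then `sh router2-return-path.sh --apply` as root on router2. Check the result with `ip rule show` and `ip route show table 100`, and confirm with tcpdump on the TPROXY box that packets with source port 80 now arrive there; the TPROXY box itself still needs its usual `-m socket`/DIVERT mangle rules so those replies are delivered to Squid's spoofed-source socket rather than forwarded. If you prefer option 1 from the reply instead, the Squid-side equivalent is to run the listener in `intercept` mode (`http_port 3129 intercept` fed by a REDIRECT/DNAT rule) rather than `tproxy` mode, so outbound connections carry the proxy's own address and the return path needs no special routing at all.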