Re: [squid-users] Squid-3 + Tproxy4 clarification

From: Amos Jeffries <>
Date: Wed, 05 Nov 2008 01:46:26 +1300

Arun Srinivasan wrote:
> Hi List,
> Has anyone successfully used cache_peer support with tproxy4 enabled?

Not that I'm aware of at this point.

> The scenario is running Squid proxy with tproxy4 enabled and another
> http proxy (no tproxy4) on the same box.
> First Squid would receive the request from the user, then connects to
> its cache_peer which is the other http proxy.
> With tproxy enabled, am not able to establish connection between Squid
> and the other proxy. However, in interception mode, am able to do
> this.
> Please advise if I am missing out anything.
> Following are the packages and its versions used:
> Kernel version: 2.6.26
> Tproxy version: tproxy4-2.6.26-200809262032
> iptables version: tproxy-iptables-1.4.0-20080521-113954-1211362794
> Squid version: squid-3.HEAD-20081021

The new TPROXY/Squid interaction is that it natively spoofs the client
IP on all outbound links made newly for that request.

Two things to check are:
  - does the client IP have access to use the hidden peer proxy?

  - do the connections between peers go over lo interface? I'm not sure
what the special kernel behavior with public IPs on localhost interface
would be.


Please be using
   Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
   Current Beta Squid
Received on Tue Nov 04 2008 - 12:46:30 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 04 2008 - 12:00:04 MST