Re: [squid-users] Squid-3 + Tproxy4 clarification

From: Arun Srinivasan <hi2arun_at_gmail.com>
Date: Tue, 4 Nov 2008 22:37:14 +0530

Thanks for the response.

" - does the client IP have access to use the hidden peer proxy?"
Yes. To ensure this, I tried it out with the 'nc' utility instead of the peer proxy.

"- do the connections between peers go over lo interface? I'm not sure
what the special kernel behavior with public IPs on localhost
interface would be."
Yes. I could see the connections go over the lo interface. However, they are
not getting handled by the stack.

2008/11/4 Amos Jeffries <squid3_at_treenet.co.nz>:
> Arun Srinivasan wrote:
>>
>> Hi List,
>>
>> Has anyone successfully used cache_peer support with tproxy4 enabled?
>
> Not that I'm aware of at this point.
>
>>
>> The scenario is running Squid proxy with tproxy4 enabled and another
>> http proxy (no tproxy4) on the same box.
>>
>> First Squid would receive the request from the user, then connects to
>> its cache_peer which is the other http proxy.
>>
>> With tproxy enabled, I am not able to establish a connection between Squid
>> and the other proxy. However, in interception mode, I am able to do
>> this.
>>
>> Please advise if I am missing anything.
>>
>> Following are the packages and their versions used:
>> Kernel version: 2.6.26
>> Tproxy version: tproxy4-2.6.26-200809262032
>> iptables version: tproxy-iptables-1.4.0-20080521-113954-1211362794
>> Squid version: squid-3.HEAD-20081021
>
> The new TPROXY/Squid interaction is that it natively spoofs the client IP on
> all outbound links made newly for that request.
>
> Two things to check are:
> - does the client IP have access to use the hidden peer proxy?
>
> - do the connections between peers go over lo interface? I'm not sure what
> the special kernel behavior with public IPs on localhost interface would be.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10
> Current Beta Squid 3.1.0.1
>

-- 
Regards,
Arun S.
Received on Tue Nov 04 2008 - 17:07:18 MST
