Re: [squid-users] WCCP load balancing and TPROXY fully transparent interception

From: Bin Liu <>
Date: Wed, 5 Nov 2008 23:50:37 +0800

Thanks for your reply.

> The redirection in both directions must match for this to work. See the
> wiki for a configuration example

The configuration example does not mention the scenario that one
router talks to *MULTIPLE* squid servers. As far as I know, cisco
routers does not fully track connections, they just redirect packets
by their IP addresses and source/destination ports. With TPROXY
enabled, router can not tell which outgoing request packet to original
destination server is sent by which squid server, as the source IP
address is original client's address. So the question arises:

I have 2 squid servers, squid A and squid B, both implented TPROXY and
connected to the same Cisco router:

squid A----Router----squid B

Here squid A wants to send a HTTP request to original destination
server, the routers just forwards this packet, it's OK; but when the
response packet from the original server returns in, how does the
router redirect that packet? Redirect it to squid A or squid B? As
there's no connection table in router memory or any mark in the
packet, how can the router determine that this response packet should
be forwarded to squid A?

squid A -- (request to original server) --> router --> original server
-- (response) --> router --> squid A or B?

Many thanks again.
Received on Wed Nov 05 2008 - 15:50:43 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 06 2008 - 12:00:03 MST