[squid-users] TPROXY - possible in such network setup (hanging connections)?

From: Tomasz Chmielewski <mangoo_at_wpkg.org>
Date: Mon, 01 Nov 2010 23:55:27 +0100

I'm trying to configure Squid to work in tproxy mode (IPv4, when it
works, IPv6), but my connections are hanging and I'm not sure how to
debug this.

Perhaps my network setup just won't work with tproxy?

My network setup looks like this:

internet gateway - squid - client

Internet gateway, squid, client - all have public IPv4 addresses.

The client has squid IP address set as a gateway for addresses I'd like
to proxy.
If I ping the destination from the client, all packets go through the
proxy, but the replies don't go through the proxy.

I see the website on the internet gets TCP packets with the client IP and
replies to them. The client receives packets with website IPs.

However, the connection hangs:

$ wget -O /dev/null example.com
--2010-11-02 06:48:51-- http://example.com
Resolving example.com... 1.2.3.4
Connecting to example.com|1.2.3.4|:80... connected.
HTTP request sent, awaiting response...

If I press Ctrl+C on the client, Squid logs the page I tried to access:

1288651691.229 29850 client_ip TCP_MISS/000 0 GET http://example.com/ - DIRECT/1.2.3.4 -

What is wrong in my setup? It works when I use NAT, but I'd like to use
IPv6 too, so I have to use TPROXY.

-- 
Tomasz Chmielewski
http://wpkg.org
Received on Mon Nov 01 2010 - 22:55:26 MDT
