Re: [squid-users] tproxy + tcp_outgoing_address

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 03 Apr 2011 22:14:00 +1200

On 03/04/11 18:17, cytron_at_pop.com.br wrote:
> Hi!
>
> I have used tproxy in my squid server for a long time, but these days I
> need to redirect some traffic to another link by a selected URL list in
> squid.conf using ACL.
>
> I set the tcp_outgoing_address but it doesn't work; the traffic goes out
> by the default route.
> I replaced tproxy in http_port with "transparent" and
> tcp_outgoing_address works fine.

The old tag "transparent" used to, and currently for backward
compatibility only, means NAT. It is deprecated so we can in future make
it mean real HTTP transparency some day.

  Use "tproxy" for TPROXY transparent proxy or "intercept" for NAT
intercepting proxy.

>
> Summary:
>
> without tproxy = tcp_outgoing_address works fine!
>
> with tproxy = tcp_outgoing_address is ignored
>
> What is this? A bug? A bad resource? Bad configuration?

Design. TPROXY means spoofing the source address. Traffic entering the
Squid box is identical to traffic leaving it. It is transparent at the
IP protocol level.

You must do any NAT manipulation on the IP outside of Squid. You can
only MARK or TOS the packets at the TCP level as they leave when using
TPROXY.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.11
   Beta testers wanted for 3.2.0.5
Received on Sun Apr 03 2011 - 10:14:08 MDT
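
The approach described in the reply above, as an added example that is not part of the original post or of the Squid project: Squid only tags the server-side packets of the selected requests, and the kernel does the link selection and any NAT. The ACL name, domain, mark value, table number, interface and addresses are constructed placeholders; tcp_outgoing_mark is assumed to be available (Squid 3.2 or later built with netfilter mark support).

```conf
# --- squid.conf (constructed example; ACL name and domain are placeholders) ---
http_port 3129 tproxy

# Requests to these sites should leave via the second link.
acl via_link2 dstdomain .example.net

# tcp_outgoing_address is ignored for TPROXY traffic because the client's
# own address is spoofed as the source. Tag the server-side packets instead.
tcp_outgoing_mark 0x2 via_link2

# --- outside Squid, on the same box (run as root; all values are placeholders) ---
# Send packets carrying mark 0x2 through a separate routing table whose
# default route is the second link. 0x2 is chosen so it does not collide
# with mark 1, which the usual TPROXY DIVERT rule already uses.
#   ip route add default via 192.0.2.1 dev eth2 table 200
#   ip rule add fwmark 0x2 lookup 200
#
# If the client addresses are not routable on that link, translate them
# with netfilter on the way out, not with Squid:
#   iptables -t nat -A POSTROUTING -o eth2 -m mark --mark 0x2 \
#            -j SNAT --to-source 192.0.2.10
```

On Squid 3.1, tcp_outgoing_tos can tag the packets in the same way, with a netfilter mangle rule converting the TOS value into the firewall mark used for routing.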