Re: [squid-users] SQUID TPROXY not working when URL is hosted on the same machine running SQUID

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 08 Mar 2012 00:13:52 +1300

On 6/03/2012 6:50 a.m., Vignesh Ramamurthy wrote:
> Hello,
>
> We are using squid to transparently proxy the traffic to a captive
> portal that is residing on the same machine as the squid server. The
> solution was working based on a NAT REDIRECT. We are moving the
> solution to TPROXY based now as part of migration to IPv6. The TPROXY
> works fine in intercepting traffic and also successfully able to allow
> / deny traffic to IPv6 sites. We are facing a strange issue when we
> try to access a URL in the same machine that hosts the squid server.
> The access hangs and squid is not able to connect to the URL. We are
> having AOL webserver to host the webpage.

As a workaround you can use the cache_peer "no-tproxy" option to get
Squid to use its own IP when contacting that local server. It can still
use the X-Forwarded-For header to get the client IP.

I'm not too clear on the details, but I think it has something to do
with the packets not actually going through routing or some layers of
the handling TPROXY needs when shifting between processes on the same
machine. If you want to learn the details and get it going please
contact the netfilter people to find out what's happening to the packets
once they leave Squid.

Amos
Received on Wed Mar 07 2012 - 11:13:57 MST
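
The cache_peer "no-tproxy" workaround from the reply above, written out as an added squid.conf example (not part of the original message or of anyone's actual configuration). The port numbers, the peer address 127.0.0.1:8080, the peer name local_portal and the domain portal.example.net are assumptions to be replaced with the local values.

```conf
# Added example; every address, port and name below is a placeholder.

# TPROXY listener that receives the intercepted client traffic.
http_port 3129 tproxy

# Requests addressed to the captive portal hosted on this same machine.
acl portal_site dstdomain portal.example.net

# Reach the local web server as a peer. "no-tproxy" makes Squid connect
# from its own address instead of spoofing the client's, so the
# connection does not rely on TPROXY handling between two local processes.
cache_peer 127.0.0.1 parent 8080 0 no-query originserver no-tproxy name=local_portal

# Only portal requests may use this peer, and they must use it
# rather than going direct (going direct would spoof the client address).
cache_peer_access local_portal allow portal_site
cache_peer_access local_portal deny all
never_direct allow portal_site

# Append the client's address to X-Forwarded-For so the portal can
# still identify the client.
forwarded_for on
```

With this in place the portal sees every connection arriving from Squid's address, so it should accept X-Forwarded-For as the client IP only on connections that come from Squid and ignore the header from any other source.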
