Re: [squid-users] REDIRECT x Tproxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 16 Aug 2012 11:56:45 +1200

On 16.08.2012 01:47, Rafael Gomes wrote:
> Guys,
>
> Sorry if this is a stupid question, but I was reading about Tproxy
> configuration and I can't find any information about https
> redirection.
>
> My question is :
>
> What is the difference between using iptables with REDIRECT and the entire
> configuration of tproxy? I believe that will have a different result,
> but I really don't know and I can't find any documentation with this
> information.
>
> PS: Sorry for my bad English too, I am still studying that language.

REDIRECT is a type of DNAT which replaces the destination IP with the
machine's main address and works on DHCP-assigned boxes where standard
DNAT does not work.

TPROXY is not related to NAT in any way. TPROXY spoofs the client IP on
outgoing traffic for proper transparent proxying. IP address
static/dynamic assignment type and IPv4/v6 type are irrelevant.

TPROXY is more complex to get right administratively but far simpler
(thus faster) in the code at both kernel and Squid levels. Once you get
your head around the fact that the IP packet details DO NOT change between
input and output of the proxy, things get easier to understand and
administer.

Amos
Received on Wed Aug 15 2012 - 23:56:49 MDT
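
The difference described in the reply above, seen from the proxy's side of the socket API. This is an added example, not part of the original message and not Squid's code; it assumes Linux and IPv4, and the function names are hypothetical.

```python
import socket
import struct

# Linux constants that Python's socket module may not export.
SOL_IP = 0
SO_ORIGINAL_DST = 80   # linux/netfilter_ipv4.h
IP_TRANSPARENT = 19    # linux/in.h


def decode_sockaddr_in(raw):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    family = struct.unpack_from("=H", raw, 0)[0]    # host byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 sockaddr")
    port = struct.unpack_from("!H", raw, 2)[0]      # network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_destination(conn, mode):
    """Return (ip, port) the client dialed, for an accepted connection."""
    if mode == "redirect":
        # NAT rewrote the destination to this machine, so getsockname() only
        # shows the proxy's own address. The real one is kept in conntrack.
        return decode_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))
    if mode == "tproxy":
        # Packet headers are unchanged: the accepted socket's local address
        # is already the destination the client dialed.
        return conn.getsockname()[:2]
    raise ValueError("mode must be 'redirect' or 'tproxy'")


def upstream_socket(mode, client_addr):
    """Socket for the proxy's outgoing connection to the origin server."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if mode == "tproxy":
        # Needs CAP_NET_ADMIN. Binding to the client's address makes the
        # server see the client IP instead of the proxy's.
        s.setsockopt(SOL_IP, IP_TRANSPARENT, 1)
        s.bind((client_addr[0], 0))
    return s
```

In "redirect" mode the origin server's logs and ACLs see the proxy's address for every client; in "tproxy" mode they see each client's own address, which is why return traffic has to be routed back through the proxy box.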
