Re: [squid-users] squid 3.2.0.18 transparent nat interception

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 30 Aug 2012 02:41:53 +1200

On 30/08/2012 2:30 a.m., Pawel Mojski wrote:
> On 29-Aug-12 16:11, Pawel Mojski wrote:
>> On 29-Aug-12 15:20, Pawel Mojski wrote:
>>> [...]
>>>> No, they are not.
>>>> First of all, the problem appears even with no redirection. For
>>>> example:
>>>> If I start squid, then telnet localhost 8081, then do:
>>>> GET / HTTP/1.0
>>>> Host: aol.com
>>>>
>>> [...]
>>>
>>> To be a little more specific, here is an example.
>> [...]
>>
>> It has to be a bug in 3.2.0.18 (maybe any 3.2.0.x - 3.2.0.18 is the
>> one which I use).
>> When I downgraded to 3.1.19 all problems disappeared (with the same
>> config file).
>
> Ok, I figured out what the problem is but I have no idea how to fix it.
> In 3.1.19 transparent nat works in a simple scenario:
> a tcp connection was established with the client, then the Host: header
> was read and a new connection between squid and the remote server
> (resolved from the Host header) was established.
>
> In 3.2.0.18 it works another way. squid connects to the ip
> address from the destination address in the tcp packet received by squid.
> So, if I'm using DNAT (not REDIRECT in iptables) the original
> destination address is replaced with the squid ip address, so squid is
> connecting to itself.
> Just like with my telnet demo. The destination address was the squid
> address so squid was connecting in a loop to itself.
>
> So, is it possible to do it in 3.1 style? I cannot use REDIRECT
> because squid is not a router and is not even in the same subnet as
> the other clients. The only way to deploy my scenario is using DNAT over
> the internet.

There is a patch in bug 3626 to try.

Amos
Received on Wed Aug 29 2012 - 14:42:08 MDT
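
Added example, not part of the original thread and not Squid code: a small Python model of the two destination-selection behaviours described above, showing why DNAT done on a remote machine makes the 3.2-style choice loop back to the proxy. All function names, addresses and the resolver table are constructed for illustration; the assumption that a REDIRECT on the proxy itself leaves the original destination available is modelled by `redirect_on_proxy`.

```python
"""Model of the behaviour described in the thread (hypothetical names)."""
import ipaddress

# Constructed sample values (documentation address ranges).
PROXY_IP = "192.0.2.10"             # the Squid box
PROXY_PORT = 8081                   # intercept port used in the telnet test
ORIGIN_IP = "198.51.100.80"         # server the client actually dialled
DNS = {"aol.com": "198.51.100.80"}  # constructed resolver table


def dnat_on_remote_router(dst):
    """DNAT on another machine: the packet arrives with its destination
    already rewritten to the proxy, so the original address is lost."""
    return (PROXY_IP, PROXY_PORT)


def redirect_on_proxy(dst):
    """NAT on the proxy itself (assumption): the original destination
    is still available to the proxy."""
    return dst


def pick_upstream(style, seen_dst, host_header):
    """'3.1' resolves the Host header; '3.2' uses the TCP destination
    address the proxy sees for the intercepted connection."""
    if style == "3.1":
        return (DNS[host_header], 80)
    if style == "3.2":
        return seen_dst
    raise ValueError(style)


def is_loop(upstream, local_addrs=(PROXY_IP,)):
    """True when the chosen upstream is one of the proxy's own addresses."""
    ip = ipaddress.ip_address(upstream[0])
    return ip.is_loopback or any(ip == ipaddress.ip_address(a) for a in local_addrs)


def simulate(style, nat, host_header="aol.com"):
    """Return (upstream, loops) for one intercepted request."""
    seen = nat((ORIGIN_IP, 80))
    upstream = pick_upstream(style, seen, host_header)
    return upstream, is_loop(upstream)


if __name__ == "__main__":
    for style in ("3.1", "3.2"):
        for nat in (redirect_on_proxy, dnat_on_remote_router):
            print(style, nat.__name__, simulate(style, nat))
```

The same `is_loop` check applied to a candidate upstream before connecting is one way to spot this misconfiguration in a deployment: any intercepted request whose destination is a local or loopback address indicates that the NAT was not performed on the proxy host.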
