Re: [squid-users] Re: Squid transparent proxy connection fails on specific sites?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 05 Mar 2013 09:25:52 +1300

On 4/03/2013 9:29 p.m., Omid Kosari wrote:
> New finding from my other topic at serverfault
> http://serverfault.com/questions/483038/squid-transparent-proxy-connection-fails-on-specific-sites
> <http://serverfault.com/questions/483038/squid-transparent-proxy-connection-fails-on-specific-sites>
>
> The problem caused by TPROXY . when using REDIRECT the problem disappeared
> and when switching back to TPROXY it occurs again . but it is not a solution

Please be aware TPROXY works *very* differently to NAT (REDIRECT, DNAT).
All the above result means is that the Squid service is able to use
regular (non-TPROXY) connections to servers. You could identify the same
thing using wget or such on the Squid box *with* TPROXY configured.

So what packets are happening between Squid and the server on the
REDIRECT which are not happenig on the TPROXY?
If you ignore the fact that REDIRECT sets the Squid box IP in packets
outgoing and TPROXY sets the client IP there, what else is different?
(ICMP stuff?) in particular anything missing in the TPROXY trace?

Amos
Received on Mon Mar 04 2013 - 20:26:02 MST

This archive was generated by hypermail 2.2.0 : Tue Mar 05 2013 - 12:00:03 MST