[squid-users] Re: IPv6 + Intercept proxy

From: WorkingMan <signup_mail2002_at_yahoo.com>
Date: Thu, 31 Oct 2013 17:30:41 +0000 (UTC)

> TPROXY is not routing. It is packet interception, taking a packet from
> the kernel TCP stack and delivering it to a local process running on
> that machine. Taking packets from that same local process marked with a
> special TPROXY flag and allowing them to be routed despite having a src
> address of a different machine (spoofing is normally prohibited by the
> kernel).
> Simple really. But it places a lot of requirement pressure on the
> networking and routing to handle the packets properly.
> > The alternative for remote host is policy based routing (if you followed
> > other thread on this for ipv4 but ipv6 should not be too different). But
as I
> > said before I am not able to make it work.
> Unfortunately the policy routing is mandatory whenever there are
> alternative routes for the packets to travel over which bypass the
> interceptor proxy.
> Amos

Does TPROXY setup work with remote proxy server?

It appears to be for local routing only. I don't want to start trying this
if it will not support remote routing (hint: specify this in the wiki, also
it doesn't say that newer kernel seem to have all the dependency built in
the kernel out of box; and based on configuration I saw it's all there, most
of the guide out there on this is for kernel 2.6x which is old).

Received on Thu Oct 31 2013 - 17:31:02 MDT

This archive was generated by hypermail 2.2.0 : Thu Oct 31 2013 - 12:00:08 MDT