Arun Srinivasan wrote:
> Hi List,
>
> Has anyone successfully used cache_peer support with tproxy4 enabled?
Not that I'm aware of at this point.
>
> The scenario is running Squid proxy with tproxy4 enabled and another
> http proxy (no tproxy4) on the same box.
>
> First Squid would receive the request from the user, then connects to
> its cache_peer which is the other http proxy.
>
> With tproxy enabled, am not able to establish connection between Squid
> and the other proxy. However, in interception mode, am able to do
> this.
>
> Please advise if I am missing out anything.
>
> Following are the packages and its versions used:
> Kernel version: 2.6.26
> Tproxy version: tproxy4-2.6.26-200809262032
> iptables version: tproxy-iptables-1.4.0-20080521-113954-1211362794
> Squid version: squid-3.HEAD-20081021
The new TPROXY/Squid interaction is that it natively spoofs the client
IP on all outbound links made newly for that request.
Two things to check are:
- does the client IP have access to use the hidden peer proxy?
- do the connections between peers go over lo interface? I'm not sure
what the special kernel behavior with public IPs on localhost interface
would be.
Amos
-- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 Current Beta Squid 3.1.0.1Received on Tue Nov 04 2008 - 12:46:30 MST
This archive was generated by hypermail 2.2.0 : Tue Nov 04 2008 - 12:00:04 MST