Re: [squid-users] SQUID TPROXY not working when URL is hosted on the same machine running SQUID

From: Vignesh Ramamurthy <vignesh.vr_at_gmail.com>
Date: Fri, 9 Mar 2012 17:54:57 +0530

Hi Amos,

Thanks a lot for your help. Your suggestion of redirecting using
cache-peering worked. I did cache-peering with the same squid instance
(on a different port) and from then on sent to our captive portal.
That way, didnt have to change any URL rewriting logic.

Best Regards,
Vignesh

On Wed, Mar 7, 2012 at 4:43 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 6/03/2012 6:50 a.m., Vignesh Ramamurthy wrote:
>>
>> Hello,
>>
>> We are using squid to transparently proxy the traffic to a captive
>> portal that is residing on the same machine as the squid server. The
>> solution was working based on a NAT REDIRECT . We are moving the
>> solution to TPROXY based now as part of migration to IPv6. The TPROXY
>> works fine in intercepting traffic and also successfully able to allow
>> / deny traffic to IPv6 sites. We are facing a strange issue when we
>> try to access a URL in the same machine that hosts the squid server.
>> The acces hangs and squid is not able to connect to the URL. We are
>> having AOL webserver to host the webpage.
>
>
> As a workaround you can use the cache_peer "no-tproxy" option to get Squid
> to use its own IP when contacting that local server. It can still use the
> X-Forwarded-For header to get the client IP.
>
> I'm not too clear on the details, but I think it has something to do with
> the packets not actually going through routing or some layers of the
> handling TPROXY needs when shifting between processes on the same machine.
> If you want to learn the details and get it going please contact the
> netfilter people to find out whats happening to the packets once they leave
> Squid.
>
> Amos
Received on Fri Mar 09 2012 - 12:25:06 MST

This archive was generated by hypermail 2.2.0 : Fri Mar 09 2012 - 12:00:04 MST