On 4/03/2013 9:29 p.m., Omid Kosari wrote:
New finding from my other topic at serverfault
http://serverfault.com/questions/483038/squid-transparent-proxy-connection-fails-on-specific-sites
<http://serverfault.com/questions/483038/squid-transparent-proxy-connection-fails-on-specific-sites>
The problem caused by TPROXY . when using REDIRECT the problem disappeared
and when switching back to TPROXY it occurs again . but it is not a solution
Please be aware TPROXY works *very* differently to NAT (REDIRECT, DNAT).
All the above result means is that the Squid service is able to use
regular (non-TPROXY) connections to servers. You could identify the same
thing using wget or such on the Squid box *with* TPROXY configured.
So what packets are happening between Squid and the server on the
REDIRECT which are not happenig on the TPROXY?
If you ignore the fact that REDIRECT sets the Squid box IP in packets
outgoing and TPROXY sets the client IP there, what else is different?
(ICMP stuff?) in particular anything missing in the TPROXY trace?
Amos
