Thanks for the response. " - does the client IP have access to use the hidden peer proxy?" Yes. To ensure this I tried it out with an 'nc' utility instead of peer proxy. "- do the connections between peers go over lo interface? I'm not sure what the special kernel behavior with public IPs on localhost interface would be." Yes. I could see the connections go over lo interface. However, it is not getting handled by the stack. 2008/11/4 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > Arun Srinivasan wrote: >> >> Hi List, >> >> Has anyone successfully used cache_peer support with tproxy4 enabled? > > Not that I'm aware of at this point. > >> >> The scenario is running Squid proxy with tproxy4 enabled and another >> http proxy (no tproxy4) on the same box. >> >> First Squid would receive the request from the user, then connects to >> its cache_peer which is the other http proxy. >> >> With tproxy enabled, am not able to establish connection between Squid >> and the other proxy. However, in interception mode, am able to do >> this. >> >> Please advise if I am missing out anything. >> >> Following are the packages and its versions used: >> Kernel version: 2.6.26 >> Tproxy version: tproxy4-2.6.26-200809262032 >> iptables version: tproxy-iptables-1.4.0-20080521-113954-1211362794 >> Squid version: squid-3.HEAD-20081021 > > The new TPROXY/Squid interaction is that it natively spoofs the client IP on > all outbound links made newly for that request. > > Two things to check are: > - does the client IP have access to use the hidden peer proxy? > > - do the connections between peers go over lo interface? I'm not sure what > the special kernel behavior with public IPs on localhost interface would be. > > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE5 or 3.0.STABLE10 > Current Beta Squid 3.1.0.1 > -- Regards, Arun S.
