On Mon, 31 Aug 2009 15:25:32 +0300, "Alans" <batpower83@xxxxxxxxxxx> wrote: > Hi, > > I'm new to Squid and Iptable, I have some questions: > 1. TPROXY is used so that squid go to internet with different IPs, > right? > 2. How to check if TPROXY is used with Iptable? > 3. If it's, then is there any other ways to go out with different IPs > each time other than TPROXY? > > Regards, > Alans TPROXY is done by the kernel outside of Squid. The IPs are already changed by the time they arrive, all Squid does is use the socket IP_TRANSPARENT test to see if they arrived via TPROXY and set the same flag on the outbound links. The kernel will kill the TCP open attempt if the IPs used on outbound do not match any IPs it sent to Squid. Contact the kernel people for any more details. Amos
