On Wed, 30 Nov 2011 21:15:33 +0700, Nguyen Hai Nam wrote:
On Wed, Nov 30, 2011 at 7:38 PM, Amos Jeffries wrote:
NP: the whole NAT system underwent an upgrade in 3.1. Portions of it
have
not had much testing yet because nobody with non-Linux seems
interested or
able to assist with the deep investigations needed.
For starters, I need to know how the IPs can be retrieved by Squid
from the
NAT data. The current IPF implementation uses ioctl() APIs in the
kernel.
Amos
Hi,
Example:
# ipnat -l
List of active MAP/Redirect filters:
rdr iprb0 0.0.0.0/0 port 80 -> 10.2.176.31 port 3129 tcp
List of active sessions:
RDR 10.2.176.31 3129 <- -> 94.76.218.18 80 [10.10.225.153
4705]
I think Squid starts up but it has no activity with intercept or
anything.
If it starts with "http_port 3129" only, squid always returns
"Invalid
URL" error.
Yes that is packets successfully arriving at squid and HTT request
being processed fine. The "intercept" flag tells squid to accept origin
server formatted (partial) URLs. Its absence tells Squid to accept proxy
formatted (absolute) URLs.
The problem is that IPF-transparent NAT lookup with ioctl() is not
working correctly. If you can find for me any kind of documentation on
how non-kernel software like squid can do NAT table lookups in your OS I
can probably fix that for you.
Amos
