On 6/03/2012 6:50 a.m., Vignesh Ramamurthy wrote:
Hello, We are using squid to transparently proxy the traffic to a captive portal that is residing on the same machine as the squid server. The solution was working based on a NAT REDIRECT. We are moving the solution to TPROXY based now as part of migration to IPv6. The TPROXY works fine in intercepting traffic and is also successfully able to allow / deny traffic to IPv6 sites. We are facing a strange issue when we try to access a URL in the same machine that hosts the squid server. The access hangs and squid is not able to connect to the URL. We are having AOL webserver to host the webpage.
As a workaround you can use the cache_peer "no-tproxy" option to get Squid to use its own IP when contacting that local server. It can still use the X-Forwarded-For header to get the client IP.
I'm not too clear on the details, but I think it has something to do with the packets not actually going through routing or some layers of the handling TPROXY needs when shifting between processes on the same machine. If you want to learn the details and get it going, please contact the netfilter people to find out what's happening to the packets once they leave Squid.
Amos
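
A squid.conf fragment for the workaround described in the reply above, as an added example that is not part of the original thread. The portal hostname, the address 192.0.2.10, the port numbers and the peer name are assumptions.

```conf
# Added example; hostname, address, ports and peer name are placeholders.

# Interception port that receives the TPROXY-diverted traffic.
http_port 3129 tproxy

# Requests for the captive portal hosted on the same machine as Squid
# (assumed hostname).
acl local_portal dstdomain portal.example.net

# Treat the local web server as an origin-server peer. "no-tproxy" makes
# Squid connect from its own address instead of spoofing the client IP.
cache_peer 192.0.2.10 parent 8080 0 no-query originserver no-tproxy name=portal

# Only portal requests use this peer, and they must never go direct,
# because a direct connection would spoof the client address again.
cache_peer_access portal allow local_portal
cache_peer_access portal deny all
never_direct allow local_portal

# Squid appends the client address to X-Forwarded-For (the default setting),
# so the portal can still identify the client.
forwarded_for on
```

With this in place the portal sees connections from Squid's address, so it should accept X-Forwarded-For only on connections coming from that address and ignore the header from any other source.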