Hi Amos, Thanks a lot for your help. Your suggestion of redirecting using cache-peering worked. I did cache-peering with the same squid instance (on a different port) and from then on sent to our captive portal. That way, didnt have to change any URL rewriting logic. Best Regards, Vignesh On Wed, Mar 7, 2012 at 4:43 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 6/03/2012 6:50 a.m., Vignesh Ramamurthy wrote: >> >> Hello, >> >> We are using squid to transparently proxy the traffic to a captive >> portal that is residing on the same machine as the squid server. The >> solution was working based on a NAT REDIRECT . We are moving the >> solution to TPROXY based now as part of migration to IPv6. The TPROXY >> works fine in intercepting traffic and also successfully able to allow >> / deny traffic to IPv6 sites. We are facing a strange issue when we >> try to access a URL in the same machine that hosts the squid server. >> The acces hangs and squid is not able to connect to the URL. We are >> having AOL webserver to host the webpage. > > > As a workaround you can use the cache_peer "no-tproxy" option to get Squid > to use its own IP when contacting that local server. It can still use the > X-Forwarded-For header to get the client IP. > > I'm not too clear on the details, but I think it has something to do with > the packets not actually going through routing or some layers of the > handling TPROXY needs when shifting between processes on the same machine. > If you want to learn the details and get it going please contact the > netfilter people to find out whats happening to the packets once they leave > Squid. > > Amos
