On 30/08/2012 2:30 a.m., Pawel Mojski wrote:
On 29-Aug-12 16:11, Pawel Mojski wrote:
On 29-Aug-12 15:20, Pawel Mojski wrote:
[...]
No, they are not.
First of all, the problem appears even with no redirection. For
example:
If I start squid, then telnet localhost 8081, then do:
GET / HTTP/1.0
Host: aol.com
[...]
To be a little more specific, here is an example.
[...]
It has to be a bug in 3.2.0.18 (maybe any 3.2.0.x; 3.2.0.18 is the
one which I use).
When I downgraded to 3.1.19 all problems disappeared (on the same
config file).
OK, I figured out what the problem is but I have no idea how to fix it.
In 3.1.19 transparent NAT works in a simple scenario.
The TCP connection was established with the client, then the Host: header was
read and a new connection between squid and the remote server (resolved
from the Host header) was established.
In 3.2.0.18 it works another way. Squid connects to the IP
address from the destination address in the TCP packet received by squid.
So, if I'm using DNAT (not REDIRECT in iptables) the original
destination address is replaced with the squid IP address, so squid
connects to itself.
Just like with my telnet demo. The destination address was the squid address
so squid was connecting in a loop to itself.
So, is it possible to do it in 3.1 style? I cannot use REDIRECT
because squid is not a router and is not even in the same subnet as
the other clients. The only way to deploy my scenario is using DNAT over the
internet.
There is a patch in bug 3626 to try.
Amos
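
The loop described in this thread can be checked for before an intercepting proxy opens its upstream connection. The following is an added example, not code from Squid or from either poster: it assumes a Linux host, where the pre-NAT destination of an accepted socket is read with the `SO_ORIGINAL_DST` socket option, and the function names and sample addresses are constructed for illustration.

```python
import socket
import struct

# Value from <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80
SOL_IP = getattr(socket, "SOL_IP", 0)  # 0 is IPPROTO_IP on Linux


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in: family in host order, port and IPv4 in network order."""
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET sockaddr")
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port


def intercepted_destination(conn):
    """Return (ip, port) the client originally addressed, as far as this host can tell.

    The lookup only succeeds when the NAT rule ran on this machine. When DNAT
    was applied on a remote router, or the client connected directly, there is
    no local NAT record, so the only address available is the socket's own
    local address, which is the proxy itself.
    """
    try:
        return parse_sockaddr_in(conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, 16))
    except (OSError, ValueError):
        return conn.getsockname()[:2]


def is_forwarding_loop(dst, listen_port, local_ips):
    """True when the chosen upstream is the proxy's own intercept listener."""
    ip, port = dst
    return port == listen_port and ip in local_ips


if __name__ == "__main__":
    # Constructed sample: proxy listens on 8081 and owns these addresses.
    local_ips = {"127.0.0.1", "192.0.2.10"}
    # Remote DNAT or a direct "telnet localhost 8081": destination is the proxy.
    print(is_forwarding_loop(("127.0.0.1", 8081), 8081, local_ips))    # True
    # Local REDIRECT: the NAT record still holds the real server address.
    print(is_forwarding_loop(("198.51.100.7", 80), 8081, local_ips))   # False
```

A proxy that finds `is_forwarding_loop` true should reject the request instead of connecting, since every hop would otherwise consume another descriptor on the same listener.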