On 4/03/2013 9:29 p.m., Omid Kosari wrote:
New finding from my other topic at serverfault http://serverfault.com/questions/483038/squid-transparent-proxy-connection-fails-on-specific-sites <http://serverfault.com/questions/483038/squid-transparent-proxy-connection-fails-on-specific-sites> The problem caused by TPROXY . when using REDIRECT the problem disappeared and when switching back to TPROXY it occurs again . but it is not a solution
Please be aware TPROXY works *very* differently to NAT (REDIRECT, DNAT). All the above result means is that the Squid service is able to use regular (non-TPROXY) connections to servers. You could identify the same thing using wget or such on the Squid box *with* TPROXY configured.
So what packets are happening between Squid and the server on the REDIRECT which are not happenig on the TPROXY? If you ignore the fact that REDIRECT sets the Squid box IP in packets outgoing and TPROXY sets the client IP there, what else is different? (ICMP stuff?) in particular anything missing in the TPROXY trace?
Amos
