On 8/04/2015 3:21 a.m., johnzeng wrote:
> Hello Lawrence:
>
> Thanks, maybe we must add tcp_outgoing_address at bridge mode + tproxy.
>
> and Box can send dns request to internet via the setting.
>
> I feel accessing rate will be faster than previous setting.
>
>
> John

Bridging, TPROXY and tcp_outgoing_address are *alternative* features.

Bridging works with TPROXY, because TPROXY is all about using the client IP and not the local device (bridge) IP. Since bridge devices do not have an IP of their own to use in tcp_outgoing_address this works fine.

TPROXY works without bridging, because bridging is just a TCP-only layer feature and Squid operates at HTTP layer.

tcp_outgoing_address does *not* work with TPROXY (or bridging), because it is all about selecting which of the *Squid device* IPs are to be used by the *routing* systems.

NP: You *can* use tcp_outgoing_address selection on traffic received in a TPROXY port, but only if spoofing is disabled using the spoof_client_ip directive. (<http://www.squid-cache.org/Doc/config/spoof_client_ip/>)

Running Squid (or any other localhost software) on a bridge device needs that device to *also* have some routing capability and IPs for use. Squid DNS traffic will use the device IP as source address so packets get back to *it* properly. This has nothing to do with the HTTP layer bridging or TPROXY or tcp_outgoing_address behaviours.

This situation can make it appear as if strange things are going on if you are thinking of the box as *only* a bridge - because it's not a bridge, it's a bridge+router.

HTH
Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
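The interaction described in the reply above can be checked mechanically. The following is an added example, not part of the original post or of Squid itself: a small lint that flags a squid.conf combining a TPROXY port with tcp_outgoing_address when no `spoof_client_ip deny` rule is present. The sample configuration, addresses and function names are constructed for illustration, and the check looks only for the presence of a deny rule; it does not evaluate which traffic the ACLs match.

```python
# Constructed sample squid.conf (not taken from the thread).
SAMPLE_CONF = """\
http_port 3128
http_port 3129 tproxy          # traffic diverted here keeps the client IP
acl lan src 192.0.2.0/24
tcp_outgoing_address 198.51.100.10 lan
"""


def parse(conf):
    """Return (tproxy_ports, outgoing_addrs, spoof_rules) from squid.conf text."""
    tproxy, outgoing, spoof = [], [], []
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        if name in ("http_port", "https_port") and "tproxy" in args:
            tproxy.append(args[0])
        elif name == "tcp_outgoing_address" and args:
            outgoing.append(args[0])
        elif name == "spoof_client_ip" and len(args) >= 2:
            spoof.append((args[0], args[1:]))    # (allow|deny, acl names)
    return tproxy, outgoing, spoof


def check(conf):
    """Return warnings where tcp_outgoing_address cannot apply to TPROXY traffic."""
    tproxy, outgoing, spoof = parse(conf)
    if not tproxy or not outgoing:
        return []   # the two features are not combined, nothing to flag
    if any(action == "deny" for action, _ in spoof):
        return []   # spoofing is disabled for at least some traffic
    ports = ", ".join(tproxy)
    return [
        f"tcp_outgoing_address {addr} will not be used for TPROXY port(s) {ports}: "
        "no 'spoof_client_ip deny' rule disables client IP spoofing"
        for addr in outgoing
    ]


if __name__ == "__main__":
    for warning in check(SAMPLE_CONF):
        print("WARNING:", warning)
```

Adding a line such as `spoof_client_ip deny lan` to the sample clears the warning, at the cost of upstream servers seeing the Squid device's address instead of the client's for that traffic.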