On 14/05/17 01:59, Abi Askushi wrote:
> Hi,
> I have set up squid (v 3.1.20) with tproxy and relevant iptables and
> policy routes. It is functioning ok except one thing, squid is not
> able to redirect to deny page (located on same device) and it gives
> error "101 network unreachable". I have squidguard in the setup as a
> helper program and squidguard is doing the redirection to a page on
> localhost. With squid in intercept mode this redirection to deny page
> is ok. I have also disabled rpfilter in kernel. I may provide more
> details on configs if needed.
> Did anyone encounter this? Any ideas?

It is not possible to use a global IP address (e.g. the spoofed client IP)
to connect to any machine's lo (localhost) interface.
So Squid is not able to perform TPROXY spoofing to fetch the page your
SG is *re-writing* (not redirecting) the URL to. If you actually are
redirecting then the client cannot connect to the web server running in
*its* localhost interface.
PS. please upgrade, no up-to-date OS releases I'm aware of still ship
Squid-3.1.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
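
The two failure cases described in the reply can be checked for in a squidGuard configuration before deploying behind TPROXY. The following is an added example, not code from the thread or from the Squid or squidGuard projects: it audits `redirect` lines, treating a bare URL as a rewrite and a `301:`/`302:` prefix as a real HTTP redirect. The configuration text and the address 192.0.2.10 are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed squidGuard.conf fragment (not taken from the thread).
SAMPLE_CONF = """\
acl {
    default {
        pass !blocked all
        redirect http://localhost/deny.html?url=%u
    }
    kids {
        pass none
        redirect 302:http://127.0.0.1:8080/deny.html
    }
    staff {
        pass all
        redirect 302:http://192.0.2.10/deny.html
    }
}
"""

# A status prefix makes squidGuard ask Squid for a real HTTP redirect;
# without it the request URL is silently rewritten and Squid fetches it.
REDIRECT_RE = re.compile(r"^\s*redirect\s+(?:(30[12]):)?(\S+)", re.M)

def is_loopback(host):
    """True for localhost names and 127.0.0.0/8 or ::1 literals."""
    if host.lower() == "localhost" or host.lower().endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here

def audit_redirects(conf_text):
    """Return (mode, host, verdict) for every redirect line."""
    findings = []
    for status, url in REDIRECT_RE.findall(conf_text):
        host = urlsplit(url).hostname or ""
        mode = "redirect" if status else "rewrite"
        if not is_loopback(host):
            verdict = "ok"
        elif mode == "rewrite":
            verdict = "squid fetches from lo with spoofed client IP"
        else:
            verdict = "client is sent to its own localhost"
        findings.append((mode, host, verdict))
    return findings
```
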