On 20/08/17 12:08, Eliezer Croitoru wrote:
You can use tproxy but you will need to somehow make it so squid will do "NAT" instead of only tproxy or to findout what is causing the issue to happen in the network layer of the connection. It can be a simple iptables rule which block traffic or another issue like rp_filter. If you are up to it I will be willing to try and setup a more advanced ipv6 setup that might help to inspect the issue. In the mean while I am missing one piece which maybe Amos can help with: Is it possible to use tproxy for interception but force a non tproxy connection on the outgoing traffic?
I'm not sure what problem that would solve. If TPROXY is not working fully it wont magically start half-working.
AFAICS, Walters problem with TPROXY is that his firewall rules are setup for accepting only traffic with 2001::/16 IP addresses. With TPROXY the original 2a02::/16 IP remains present so the rules based on 2001::/16 wont let the traffic into the proxy.
Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
