Search squid archive

Re: IPv6 and TPROXY

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 20/08/17 23:47, Eliezer Croitoru wrote:
I am still waiting for couple answers about the system and the setup.
Also to resolve the issue it will be required to know if the issue is on squid side or the kernel side(ipv6 related) or iptables rules.
All of the above will allow us to help Walter make this system work.

And Amos, about the part of avoiding using tproxy for the outgoing traffic and only use it to intercept the connections:
For a CentOS 6 system it's the only option to run an INTERCEPT proxy which hides the client IPv6 address so I think it's something that need to be documented somewhere in the wiki.

CentOS 6 still supplies kernel 2.6.32 apparently. Issues with those kernels are listed in the TPROXY wiki page:
"
TPROXYv4 support reached a usable form in 2.6.28. However several Kernels have various known bugs:

* 2.6.28 to 2.6.32 have different rp_filter configuration. The rp_filter settings (0 or 1) for these kernels will silently block TPROXY if used on newer kernels.
 * 2.6.28 to 2.6.36 are known to have ICMP and TIME_WAIT issues.
 * 2.6.32 to 2.6.34 have bridging issues on some systems.
"



I would be happy to write the article if I would have known how to disable tproxy for the outgoing traffic.

There is nothing to document, it is not configurable.

When one is stuck with an ancient kernel the available modern features are naturally rather limited.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux