[squid-users] Possible-Spam a question about Dns lookup

Amos Jeffries squid3 at treenet.co.nz
Wed Apr 8 04:00:14 UTC 2015


On 8/04/2015 3:21 a.m., johnzeng wrote:
> Hello Lawrence:
> 
>                           Thanks , Maybe  we must add
> tcp_outgoing_address   at bridge mode + tproxy .
> 
>                           and Box can send dns request to internet via
> the setting .
> 
>                           i feel accessing rate will be faster than
> previous setting .
> 
> 
>                           John

Bridging, TPROXY and tcp_outgoing_address are *alternative* features.

Bridging works with TPROXY, because TPROXY is all about using the client
IP and not the local device (bridge) IP. Since bridge devices do not
have an IP of their own to use in tcp_outgoing_address this works fine.

TPROXY works without bridging, because bridging is just a TCP-only layer
feature and Squid operates at HTTP layer.

tcp_outgoing_address does *not* work with TPROXY (or bridging), because
it is all about selecting which of the *Squid device* IPs are to be used
by the *routing* systems.


NP: You *can* use tcp_outgoing_address selection on traffic received in
a TPROXY port, but only if spoofing is disabled using the
spoof_client_ip directive.
(<http://www.squid-cache.org/Doc/config/spoof_client_ip/>)


Running Squid (or any other localhost software) on a bridge device needs
that device to *also* have some routing capability and IPs for use.
Squid DNS traffic will use the device IP as source address so packets
get back to *it* properly. This has nothing to do with the HTTP layer
bridging or TPROXY or tcp_outgoing_address behaviours.

This situation can make it appear as if strange things are going on if
you are thinking of the box as *only* a bridge - because it's not a
bridge, it's a bridge+router.

HTH
Amos
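
The interaction described in the message above, as an added example that is not part of the original email or of Squid itself: a small checker that flags a squid.conf where tcp_outgoing_address is set alongside a TPROXY port while client IP spoofing is still on. The two sample configs, the address 192.0.2.10, and the names tproxy_in and from_tproxy are constructed for illustration; the check is a heuristic that treats any spoof_client_ip deny rule as disabling spoofing and does not evaluate ACLs.

```python
def tproxy_outgoing_conflicts(conf_text):
    """Return one warning per tcp_outgoing_address line that TPROXY spoofing overrides."""
    tproxy_ports, outgoing, spoof_denied = [], [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        if directive in ("http_port", "https_port") and "tproxy" in args[1:]:
            tproxy_ports.append(args[0])
        elif directive == "tcp_outgoing_address" and args:
            outgoing.append((lineno, args[0]))
        elif directive == "spoof_client_ip" and args[:1] == ["deny"]:
            spoof_denied = True                 # heuristic: ACLs are not evaluated
    if not tproxy_ports or spoof_denied:
        return []
    ports = ", ".join(tproxy_ports)
    return [
        f"line {n}: tcp_outgoing_address {addr} is not used for traffic from "
        f"TPROXY port(s) {ports} while the client IP is spoofed"
        for n, addr in outgoing
    ]

# Constructed sample: spoofing left on, so the outgoing address is ignored
# for TPROXY traffic.
WEAK_CONF = """\
http_port 3129 tproxy
tcp_outgoing_address 192.0.2.10
"""

# Constructed sample: spoofing disabled for the TPROXY port, so the
# outgoing address selection applies.
FIXED_CONF = """\
http_port 3129 tproxy name=tproxy_in
acl from_tproxy myportname tproxy_in
spoof_client_ip deny from_tproxy
tcp_outgoing_address 192.0.2.10 from_tproxy
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(label, tproxy_outgoing_conflicts(conf) or "no conflict found")
```
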


