[squid-users] IPv6 and TPROXY

Amos Jeffries squid3 at treenet.co.nz
Sun Aug 20 00:45:06 UTC 2017


On 20/08/17 12:08, Eliezer Croitoru wrote:
> You can use tproxy but you will need to somehow make it so squid will do "NAT" instead of only tproxy or to find out what is causing the issue to happen in the network layer of the connection.
> It can be a simple iptables rule which blocks traffic or another issue like rp_filter.
> If you are up to it I will be willing to try and set up a more advanced ipv6 setup that might help to inspect the issue.
> 
> In the meantime I am missing one piece which maybe Amos can help with:
> Is it possible to use tproxy for interception but force a non-tproxy connection on the outgoing traffic?

I'm not sure what problem that would solve. If TPROXY is not working 
fully it won't magically start half-working.

AFAICS, Walter's problem with TPROXY is that his firewall rules are set up 
for accepting only traffic with 2001::/16 IP addresses. With TPROXY the 
original 2a02::/16 IP remains present so the rules based on 2001::/16 
won't let the traffic into the proxy.

Amos

