[prev in list] [next in list] [prev in thread] [next in thread]
List: tproxy
Subject: Re: [tproxy] TPROXY on ubuntu not working.
From: Eliezer Croitoru <eliezer () ngtech ! co ! il>
Date: 2013-11-18 18:05:12
Message-ID: 528A56D8.3050708 () ngtech ! co ! il
[Download RAW message or body]
Hey,
Squid supports layer 2+tproxy(WCCP) and I have not got into the depth of
this code yet but WCCP clearly states that it should work in L2 which is
the mac address.
There is the side of the TPROXY interception and the non-local ip:port
binding.
There are smart and managed switches that will not like more then one ip
with the same exact MAC address..
(imagine 8096+++ IP addresses with the same exact mac for the same port
on a smart switch with L3 inspection).
Eliezer
On 18/11/13 14:09, Balazs Scheidler wrote:
> it is not dependant on MAC addresses, as it's operating on L3/L4 and not
> below.
>
> squid must enable setsockopt(IP_TRANSPARENT) on its listener socket in
> order for the TPROXY destination to find its as a potential listener.
>
> Also, make sure that routing directs the response packet back to the
> same interface. Check that via tcpdump.
_______________________________________________
tproxy mailing list
tproxy@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic