On 09/05/2012 03:19, Amos Jeffries wrote:
i was curios about it and found out that Shorewall is using iptables mark to loadbalance and direct\route traffic in a multi-wan setup so it's pretty obvious why this accrues for tproxy.On 09.05.2012 03:07, Vinicius R. Baenas wrote:Hello, I wonder if someone could use the TPROXY with Shorewall and transparent Squid with using the routing rules on shorewall (tcrules) for hosts / networks (LAN) with multiples providers (WANs) directly from the internal network on port 80 (with TPROXY transparent squid or REDIRECT). On this issue, the routing rules is not work propertly because the source is the firewall ($FW) not the hosts or networks (LAN). My guess is the TPRoxy interception (spoofing) is not working... Thank you...REDIRECT uses NAT which erases the IP addresses and would always lead to the behaviour you describe. TPROXY would only result in such behaviour if not working. But you don't say what software versions you have on the box running Squid. TPROXY is new enough that specific minimum versions are still very important and bugs exist in uncommon use-cases. wiki.squid-cache.org/Features/Tproxy4 covers the specifics. Amos
if it uses some prerouting mangle to mark the packets,then they are remarked for tproxy and the whole multi-wan setup\settings is useless.
that is why it's better used on a routing level while using tproxy. Eliezer -- Eliezer Croitoru https://www1.ngtech.co.il IT consulting for Nonprofit organizations eliezer <at> ngtech.co.il
[Linux Audio Users] [Photo] [Yosemite News] [Samba] [Video Projectors] [Video Devices] [Big List of Linux Books] [LCD TVs] [Webcams] [Linux USB]