On Wed, 30 Nov 2011 21:15:33 +0700, Nguyen Hai Nam wrote:
> On Wed, Nov 30, 2011 at 7:38 PM, Amos Jeffries wrote:
>>
>> NP: the whole NAT system underwent an upgrade in 3.1. Portions of it have
>> not had much testing yet because nobody with non-Linux seems interested or
>> able to assist with the deep investigations needed.
>>
>>
>> For starters, I need to know how the IPs can be retrieved by Squid from the
>> NAT data. The current IPF implementation uses ioctl() APIs in the kernel.
>>
>>
>> Amos
>>
>
> Hi,
>
> Example:
>
> # ipnat -l
> List of active MAP/Redirect filters:
> rdr iprb0 0.0.0.0/0 port 80 -> 10.2.176.31 port 3129 tcp
>
> List of active sessions:
> RDR 10.2.176.31 3129 <- -> 94.76.218.18 80 [10.10.225.153 4705]
>
> I think Squid starts up but it has no activity with intercept or anything.
>
> If it starts with "http_port 3129" only, squid always returns "Invalid URL" error.

Yes, that is packets successfully arriving at squid and the HTTP request
being processed fine. The "intercept" flag tells squid to accept origin
server formatted (partial) URLs. Its absence tells Squid to accept proxy
formatted (absolute) URLs.

The problem is that IPF-transparent NAT lookup with ioctl() is not
working correctly. If you can find for me any kind of documentation on
how non-kernel software like squid can do NAT table lookups in your OS I
can probably fix that for you.

Amos
Received on Wed Nov 30 2011 - 22:55:19 MST
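
The port-mode behaviour and NAT lookup described in the reply above, as an added example that is not part of the original thread and is not Squid's code: a simplified Python model showing why an origin-form request gets "Invalid URL" on a plain port, and what an intercept port needs from the NAT table. The function names, the `example.com` host and the handling of a failed lookup are assumptions of this model; the session line is the one quoted from `ipnat -l`.

```python
import re

# Constructed sample: the `ipnat -l` session line quoted in the thread.
IPNAT_OUTPUT = """\
List of active sessions:
RDR 10.2.176.31 3129 <- -> 94.76.218.18 80 [10.10.225.153 4705]
"""

SESSION_RE = re.compile(
    r"^RDR\s+(\S+)\s+(\d+)\s+<- ->\s+(\S+)\s+(\d+)\s+\[(\S+)\s+(\d+)\]$")

def parse_sessions(text):
    """Map (client_ip, client_port, proxy_ip, proxy_port) to the original destination."""
    table = {}
    for line in text.splitlines():
        m = SESSION_RE.match(line.strip())
        if m:
            pip, pport, dip, dport, cip, cport = m.groups()
            table[(cip, int(cport), pip, int(pport))] = (dip, int(dport))
    return table

def target_form(request_line):
    """Return (form, target): 'absolute' is proxy format, 'origin' is a partial URL."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ("other", "")
    target = parts[1]
    if re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", target):
        return ("absolute", target)
    return ("origin", target) if target.startswith("/") else ("other", target)

def handle(request_line, host, intercept, conn, nat_table):
    """Hypothetical model of one listening port: (status, detail, original_dst)."""
    form, target = target_form(request_line)
    if form == "other":
        return ("error", "Invalid URL", None)
    if not intercept:
        # Plain "http_port 3129": only proxy-format (absolute) URLs are accepted.
        if form == "absolute":
            return ("ok", target, None)
        return ("error", "Invalid URL", None)
    # Intercept port: the real destination must come from the NAT table.
    dst = nat_table.get(conn)
    if dst is None:
        return ("error", "NAT lookup failed", None)  # assumption of this model
    url = target if form == "absolute" else "http://" + host + target
    return ("ok", url, dst)
```
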