Hi. On Sun, Jan 11, 2026 at 02:46:56AM +0100, Ruben Di Battista <[email protected]> wrote: > Hello, this is a cross post from the squid mailing list. I'm trying to run > squid proxy within a network namespace. Despite what I believe is a well > configured unit, when I send a curl request over the proxy, the IP shown is > the one from the physical net namespace instead of the one I want the unit > to run into (`vpn`), which means the process is not running where I'd like > for it to run. > > I'm assuming it must be related to some specific behavior of `squid` > (forking?), because if I use the same unit for `tinyproxy`, everything > works as expected.
You can compare the value in `readlink /proc/<pid-of-service>/ns/net` and `ls -i /run/netns/vpn` to determine whether same netns is really used. Then I'd try stracing the squid process to see whether it doesn't change netns (possibly mountns too?) out of its volition and thus ending up elsewhere. (strace may give hints in general) HTH, Michal
signature.asc
Description: PGP signature
