Re: Transparent Proxying and IP Forwarding

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 14 Mar 1999 02:52:36 +0100

Ben Kohn wrote:
>
> After many headaches we've finally gotten transparent proxying working
> correctly with no reset by peer errors..
>
> We've now run into another problem. When we last had it set up for
> transparent proxying, when someone went into a site that checked against
> the IP, it would properly show the client's IP. Now it's showing Squid's
> IP again. Can anyone help me out in getting it to display the client's IP
> again?

Now, that is a slightly harder task than building a transparent proxy.

First of all it requires support from the TCP/IP stack where Squid is
running. One TCP/IP stack capable of this is Linux with
IP_TRANSPARENT_PROXY enabled. Some minor patching of the kernel may be
required to lessen the permission restrictions on this feature (only
root processes are allowed by default).

Secondly, it requires some support from the software to tell the
operating system which client source address should be used on a
per-connection basis. Squid does not attempt to do this today (only a
fixed single source address for all connections), but it is not that
hard to extend Squid with this functionality if you know a minimal
amount of C programming.

Third, it requires redirection of incoming network traffic much in the
same way as client traffic is redirected to Squid in a transparent
proxy setup. Only difference is that redirection is done based on the
source port of incoming traffic this time.

---
Henrik Nordstrom
Spare time Squid hacker
Received on Sat Mar 13 1999 - 18:37:01 MST
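
The per-connection source address step described in the message above, as an added C example that is not part of the original message and is not Squid code. It assumes the IP_TRANSPARENT socket option of later Linux kernels (2.6.24 and newer) instead of the IP_TRANSPARENT_PROXY kernel option the message names; socket_as_client, the ERR_* codes and the 192.0.2.10 address are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19   /* value from <linux/in.h> */
#endif

enum { ERR_ADDR = -1, ERR_SOCKET = -2, ERR_TRANSPARENT = -3, ERR_BIND = -4 };

/* Hypothetical helper: returns a TCP socket whose source address is the
 * client's, ready for connect() to the origin server, or an ERR_* code. */
int socket_as_client(const char *client_ip)
{
    struct sockaddr_in src;
    int fd, on = 1;

    memset(&src, 0, sizeof src);
    src.sin_family = AF_INET;
    src.sin_port = 0;                    /* let the kernel pick the port */
    if (inet_pton(AF_INET, client_ip, &src.sin_addr) != 1)
        return ERR_ADDR;
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return ERR_SOCKET;
    /* Requirement 1: stack support. Needs CAP_NET_ADMIN (root by default). */
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof on) < 0) {
        close(fd);
        return ERR_TRANSPARENT;
    }
    /* Requirement 2: bind this one connection to a non-local address. */
    if (bind(fd, (struct sockaddr *)&src, sizeof src) < 0) {
        close(fd);
        return ERR_BIND;
    }
    /* Requirement 3 is outside this code: replies addressed to client_ip
     * must be redirected back to this host or connect() never completes. */
    return fd;
}

int main(void)
{
    int fd = socket_as_client("192.0.2.10");   /* constructed sample address */
    if (fd < 0) { printf("failed with code %d\n", fd); return 1; }
    printf("socket %d bound to the client address\n", fd);
    close(fd);
    return 0;
}
```

Run without CAP_NET_ADMIN, the helper returns ERR_TRANSPARENT, which is the permission restriction the message refers to.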
