Re: [squid-users] Squid+ip spoofing

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 5 Mar 2004 14:19:36 +0100 (CET)

On Fri, 5 Mar 2004, hare ram wrote:

> so ther destination Server will see the Client IP.,
> instead of cache Server IP
>
> is this possible with the same with Squid

Yes and no.

The main problem is that few if any OS where Squid runs support this type
of IP spoofing, but there is ways around.

a) You can use tcp_outgoing_address + NAT. For each client IP have Squid
assigne a unique source IP address with tcp_outgoing_address, and then NAT
these to the real client IP.

b) The TPROXY extension to Linux. There is even a Squid patch for using
this but it is not entirely up to date and requires some work.

Regards
Henrik
Received on Fri Mar 05 2004 - 06:19:41 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST