Re: [squid-users] Squid+ip spoofing

From: Mitesh P Choksi <mitesh@dont-contact.us>
Date: Mon, 8 Mar 2004 20:34:26 +0300

using tcp_outgoing_address it is very much possible and then postrouting chain
in linux will be helpful.

There may be limitations about number of tcp_outgoing_address entries.

The best part of this method is that all cached content can be served to
clients at max speeds where as htp+imq could be used to serve at limited
bandwidth.

Regards,

Cyberdude Murli

---------- Original Message -----------
From: "hare ram" <hareram@sol.net.in>
To: "Henrik Nordstrom" <hno@squid-cache.org>
Cc: <squid-users@squid-cache.org>
Sent: Mon, 8 Mar 2004 12:28:41 +0530
Subject: Re: [squid-users] Squid+ip spoofing

> Hi Henrik
>
> thanks for the reply
>
> Since all my clients are using Valid IP
> and i dont want them to NAT
> so iam trying to deploy the ip-spoofing with the squid
> if the squid has a content, its fetch from squid
> if not its get it from orginalserver
>
> but most of the time on server side if i monitor,iam getting squid
> ip rather client, how can resolve this problem
>
> hare
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@squid-cache.org>
> To: "hare ram" <hareram@sol.net.in>
> Cc: <squid-users@squid-cache.org>
> Sent: Friday, March 05, 2004 6:49 PM
> Subject: Re: [squid-users] Squid+ip spoofing
>
> > On Fri, 5 Mar 2004, hare ram wrote:
> >
> > > so ther destination Server will see the Client IP.,
> > > instead of cache Server IP
> > >
> > > is this possible with the same with Squid
> >
> > Yes and no.
> >
> > The main problem is that few if any OS where Squid runs support this type
> > of IP spoofing, but there is ways around.
> >
> > a) You can use tcp_outgoing_address + NAT. For each client IP have Squid
> > assigne a unique source IP address with tcp_outgoing_address, and then NAT
> > these to the real client IP.
> >
> > b) The TPROXY extension to Linux. There is even a Squid patch for using
> > this but it is not entirely up to date and requires some work.
> >
> >
> > Regards
> > Henrik
> >
> >
------- End of Original Message -------
Received on Mon Mar 08 2004 - 10:37:55 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST