Re: [squid-users] About transparent mode

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 25 Jul 2004 18:32:40 +0200 (CEST)

On Sun, 13 Jun 2004, Vladimir Potapov wrote:

> Now we are using squid as a transparent proxy and it works very fine.
> To share internet we using VPN and each client appropriate real IP.
> The clients surfing internet through transparent proxy.
> We want to using transparent proxy that it did not substitute clients real
> IP to external IP of proxy. If squid does not support this feature, what
> piece of code we need to rewrite?

I assume you ask for a setup where the client's real IP is still used when
Squid makes the request to the origin server instead of the IP address of
your Squid server.

For this you need

 a) A network setup where this is possible. This kind of spoofing of the
client IP requires very strict network designs to work.

 b) A server OS allowing Squid to spoof the client IP. Linux with the
TPROXY patch (see Netfilter patch-o-matic-ng) is one such OS.

 c) Squid modified to make use of the feature in 'b' when making
connections to the network.

Or alternatively you can do the same by using a list of private IP
addresses (one per client) in tcp_outgoing_address and then NAT these back
to the clients' real IP before leaving your network. This requires no
modifications to your OS or Squid, but does require a NAT function/device
before the traffic leaves your network.

But for many servers this is not needed. Squid does by default announce
the original client header in its X-Forwarded-For header.

Regards
Henrik
Received on Sun Jul 25 2004 - 10:32:42 MDT
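
The tcp_outgoing_address alternative described in the message needs one ACL, one outgoing address and one NAT rule per client, so it is usually generated from the client list. The following is an added example, not part of the original message or of Squid itself. The pool 10.255.0.0/24, the ACL names clientN, the interface name eth1, the use of iptables on the NAT device and the sample client addresses are all assumptions.

```python
import ipaddress

def build_mapping(client_ips, pool="10.255.0.0/24"):
    """Pair each client's real IPv4 address with one private address from pool."""
    net = ipaddress.IPv4Network(pool)
    reals = [ipaddress.IPv4Address(c) for c in client_ips]
    if len(set(reals)) != len(reals):
        raise ValueError("duplicate client address")
    free = iter(net.hosts())
    mapping = []
    for real in reals:
        if real in net:
            raise ValueError(f"{real} lies inside the private pool {net}")
        try:
            mapping.append((real, next(free)))
        except StopIteration:
            raise ValueError(f"pool {net} has fewer addresses than clients") from None
    return mapping

def squid_conf(mapping):
    """squid.conf lines: one src ACL and one tcp_outgoing_address per client."""
    lines = []
    for n, (real, private) in enumerate(mapping, 1):
        lines.append(f"acl client{n} src {real}/32")
        lines.append(f"tcp_outgoing_address {private} client{n}")
    return lines

def nat_rules(mapping, wan_if="eth1"):
    """iptables rules for the border device: restore the real IP on the way out."""
    return [
        f"iptables -t nat -A POSTROUTING -o {wan_if} -s {private} -j SNAT --to-source {real}"
        for real, private in mapping
    ]

if __name__ == "__main__":
    # Constructed sample clients (documentation address range, assumption).
    sample = build_mapping(["203.0.113.10", "203.0.113.11"])
    # Each private address must also be assigned to an interface on the Squid
    # host, otherwise Squid cannot bind to it for the outgoing connection.
    print("\n".join(squid_conf(sample)))
    print("\n".join(nat_rules(sample)))
```

Requests from clients that match no ACL leave from Squid's default address, so an incomplete client list shows up at the origin server as the proxy's own IP.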