Re: [squid-users] Re: Hide squid cache server IP

From: kodel <kodelz@dont-contact.us>
Date: Thu, 07 Jul 2005 17:09:06 +0700

Yup..

thanks a lot Abu

And one more thing, I only use a single interface in the squid box,
and it is using a public IP. All the clients are using public IP addresses too.

But is there any other way besides mapping the IP addresses
one by one in the NAT configuration?

What I need is for the destination web server to know only the real public IP
of the client rather than squid's IP. Maybe this is the reverse of what
other people need when anonymizing their IP address through a squid proxy.

regards,
-rd-

Abu Khaled wrote:
> On 7/6/05, Joost de Heer <sanguis@xs4all.nl> wrote:
>
>>>I am just wondering if it is possible to hide the IP address
>>>from my squid box to the destination server. Because I see
>>>that some sites are limiting their traffic for certain IP addresses.
>>
>>How do you expect the destination server to send back TCP packages if you
>>hide the IP address?
>>
>>Joost
>>
>>
>
>
> I think what he wants to do is to masquerade the requests from the
> squid proxy server IP to the client's IPs.
> There is a patch for the Linux Kernel (tproxy) but I do not use Linux.
> Following advice from Henrik Nordström, I used tcp_outgoing_address
> and NAT to masquerade the requests.
>
> client IP -> squid -> squid sets tcp_outgoing_address to private IP
> NAT masquerades private IP to client IP -> internet
>
> here is how it worked for a friend of mine.
>
> NAT must use bidirectional mapping (1:1 mapping)
> e.g.: client 1 public IP 1.2.3.1 bimapped to private IP 10.0.0.1
> NAT must be done on the external interface (the one connecting squid
> to the gateway/router)
>
> We used FreeBSD and tested IPFILTER/IPNAT
> example ipnat.conf
> bimap $ext_if from 10.0.0.1/32 to 0.0.0.0/0 port = 80 -> 1.2.3.1/32
> bimap $ext_if from 10.0.0.2/32 to 0.0.0.0/0 port = 80 -> 1.2.3.2/32
> bimap $ext_if from 10.0.0.3/32 to 0.0.0.0/0 port = 80 -> 1.2.3.3/32
> -----
> Used the loopback interface to create the aliases for private IPs.
> The alias netmask must be set to 255.255.255.255 to avoid conflicts
> example:
> ifconfig lo0 inet 10.0.0.1 netmask 0xffffffff alias
> ifconfig lo0 inet 10.0.0.2 netmask 0xffffffff alias
> ifconfig lo0 inet 10.0.0.3 netmask 0xffffffff alias
> -----
> edit squid.conf and
> # to hide the proxy connection
> header_access Via deny all
> header_access X-Forwarded-For deny all
>
> # insert acl for each client
> acl Client1 src 1.2.3.1
> acl Client2 src 1.2.3.2
> acl Client3 src 1.2.3.3
>
> # set tcp_outgoing_address to private IP for each Client
> tcp_outgoing_address 10.0.0.1 Client1
> tcp_outgoing_address 10.0.0.2 Client2
> tcp_outgoing_address 10.0.0.3 Client3
> -----
>
> I hope this helps !!!
>
Received on Thu Jul 07 2005 - 04:09:13 MDT
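
The ipnat.conf, ifconfig and squid.conf fragments in the quoted reply can all be generated from one list of client addresses, so the 1:1 mapping and the ACL names stay consistent, and the squid.conf lines can be checked for ACL names that were never defined. This is an added example, not part of the original thread; the function names and the sequential 10.0.0.x allocation are assumptions.

```python
import ipaddress

def build_mapping(client_ips, private_base="10.0.0.1"):
    """Pair each client public IP with its own private alias (1:1, as bimap needs)."""
    base = ipaddress.IPv4Address(private_base)
    mapping, seen = [], set()
    for n, raw in enumerate(client_ips):
        pub = ipaddress.IPv4Address(raw)      # ValueError on malformed input
        if pub in seen:
            raise ValueError(f"duplicate client IP {pub}")
        seen.add(pub)
        priv = base + n                       # assumed allocation: sequential
        if not priv.is_private:
            raise ValueError(f"{priv} is outside private address space")
        mapping.append((f"Client{n + 1}", pub, priv))
    return mapping

def render(mapping, ext_if="$ext_if"):
    """Emit the three fragments from the post, all derived from one mapping."""
    ipnat = [f"bimap {ext_if} from {priv}/32 to 0.0.0.0/0 port = 80 -> {pub}/32"
             for _, pub, priv in mapping]
    aliases = [f"ifconfig lo0 inet {priv} netmask 0xffffffff alias"
               for _, _, priv in mapping]
    squid = ["header_access Via deny all", "header_access X-Forwarded-For deny all"]
    squid += [f"acl {name} src {pub}" for name, pub, _ in mapping]
    squid += [f"tcp_outgoing_address {priv} {name}" for name, _, priv in mapping]
    return {"ipnat.conf": ipnat, "ifconfig": aliases, "squid.conf": squid}

def undefined_acls(squid_lines):
    """Return ACL names used by tcp_outgoing_address but never defined by an acl line."""
    defined, used = set(), []
    for line in squid_lines:
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) >= 2 and parts[0] == "acl":
            defined.add(parts[1])
        elif len(parts) >= 3 and parts[0] == "tcp_outgoing_address":
            used += [p.lstrip("!") for p in parts[2:]]
    return [name for name in used if name not in defined]

if __name__ == "__main__":
    # Constructed sample input: the three client addresses used in the post.
    out = render(build_mapping(["1.2.3.1", "1.2.3.2", "1.2.3.3"]))
    for section, lines in out.items():
        print(f"# --- {section} ---", *lines, sep="\n")
    assert undefined_acls(out["squid.conf"]) == []
```
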

This archive was generated by hypermail pre-2.1.9 : Mon Aug 01 2005 - 12:00:02 MDT