Re: [squid-users] Really transparent proxy

From: Adrian Chadd <adrian@dont-contact.us>
Date: Thu, 17 May 2007 09:09:21 +0800

On Wed, May 16, 2007, Facundo Vilarnovo wrote:
> Colin,
> Thanks a lot for your extensive reply, we were hoping that it would be possible to do a "magical" masquerade, I understand that the one that origins the request to the destination web server was the squid, but I was believing that it would do some kind of "magical" spoofing of the source ip address. We've got offers from bluecoat products, they say that they have a product that can match our requirement.. we were hoping that squid have the same ability.
> Here we have a neighbor ISP, that runs squid proxy servers, with "tproxy" patch, and they could "hide" the squid ip, so when you do a test with any URL the source seems to be the clients ip address. They don't wanna say how they do it.
> I still believe in magic, so I will still investigate how can we do it, even if it means recode the tcp/ip suite.

Squid has that ability starting with Squid-2.6 and TPROXY under Linux.
It's had it for close to a year now. You use WCCPv2 to redirect traffic
in both directions and not just in one direction. You set up TPROXY
rules to redirect traffic that the proxy is interested in, if it sees
traffic for a non-established connection it fires it back at the router.
It works very well for one Squid proxy and WCCPv2.

I'm happy to set this all up in my lab at home and test it out but
paid work takes precedence over fun (which this, for the most part,
is.)

Tell you what. If people who would like to see full documentation,
kernel packages and such for a fully transparent Squid setup with WCCPv2
then how about ye make some small donations to the Squid project.
If I see enough donations coming in I'll spend a weekend setting this
up in the lab, building a fully transparent environment with Linux,
TPROXY, Squid-2.6, WCCPv2 and some non-official patches to make things
even 'more' transparent, and put it all up on the website.

(ObNote: if people who left squid and went commercial would only come
talk to us first, they may find we'd suddenly have the resources to make
Squid a -whole- lot faster, flexible and easier to use, and they'd save
$100k + a proxy. Hm, guess it's not too late to do some marketing electives
at university next semester..)

Adrian
Received on Wed May 16 2007 - 19:09:11 MDT
