On 22/09/11 00:42, Saleh Madi wrote:
> Hi,
>
> Squid not spoofing the client IP, with following http_port line in squid :
> http_port 3129 tproxy everything seems to be working and squid run with
> these messages in cache.log
>
> 2011/09/21 14:36:15 kid1| Accepting TPROXY spoofing HTTP Socket
> connections at local=[::]:3129 remote=[::] FD 17 flags
> =25
>
> my requests seems to be redirected to port 3129 as I expected and the
> pages are loading propertly. But the problem is that when I go to site
> http://www.whatismyip.com/ it gives me the cache ip address instead of my
> own client ip address. here is the cache log output for one of my requests
> :
www.whatismyip.com uses many methods based on information outside of IP
to find details about the connection. This is NOT a sign of failure.
>
> 2011/09/21 14:38:00.720 kid1| Intercept.cc(343) Lookup: address BEGIN:
> me/client= 67.202.66.200:80, destination/me= 192.168.88.100:51084
> 2011/09/21 14:38:00.720 kid1| Intercept.cc(149) NetfilterTransparent:
> address TPROXY: local=67.202.66.200:80 remote=192.168.88.100 FD 47
> flags=17
<snip>
>
>
> This means that the client ip spoofing is not working with tproxy4. Can
> any guide me ?
This means TPROXY *is* successfully arriving into Squid. There is zero
information about the spoofing parts here.
The only reliable way to determine the spoofing success/failure is to
tcpdump the packets leaving the squid box. _all packets_, make no
assumptions about the IPs for the dump.
On success you will see packets from client IPs leaving the Squid box
towards the Internet.
On failure you will see the Squid box IP being used, or something else.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.15 Beta testers wanted for 3.2.0.12Received on Wed Sep 21 2011 - 13:20:11 MDT
This archive was generated by hypermail 2.2.0 : Wed Sep 21 2011 - 12:00:02 MDT