Re: [squid-users] How to set the IP of the real originator in HTTP requests (instead of Squid's IP)?

From: Amos Jeffries <>
Date: Tue, 06 Dec 2011 11:38:12 +1300

 On Mon, 5 Dec 2011 17:31:45 +0100, Leonardo wrote:
> On Thu, Dec 1, 2011 at 1:18 PM, Amos Jeffries wrote:
>> Squid supports transparent proxy (not the NAT interception people
>> call the
>> same).
> My Squid is already compiled to function as transparent:
> Squid Cache: Version 3.1.7
> configure options: '--enable-linux-netfilter' '--enable-wccp'
> '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
> '--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid'
> 'CPPFLAGS=-I../libltdl' --with-squid=/root/squid-3.1.7
> --enable-ltdl-convenience
> Is Tproxy4 a kind of super-transparent feature (i.e. does it allow
> the
> next-hop to see the client IP instead of the Squid IP)?

 The 'T' in TPROXY means 'transparent'. It is transparent down to the IP
 layer. Like glass, transparent both ways. Neither end aware the proxy is
 present unless they explicitly do some active tests to identify it.

 Where that thing properly called "NAT interception", which a lot of
 people wrongly call "transparent", is not transparent at all. It is HTTP
 *translation* (the 'T' in NAT). Like one-way mirrors. with the Server
 facing the mirror and trivially able to see that something is in the

Received on Mon Dec 05 2011 - 22:38:15 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 06 2011 - 12:00:03 MST