[squid-users] Tproxy without spoofed source address

From: Steve Hill <steve_at_opendium.com>
Date: Wed, 28 Nov 2012 12:24:12 +0000

I need to transparently proxy traffic, and the best way to do this seems
to be to use tproxy, since that allows IPv6 traffic to be supported.
However, when using tproxy, Squid spoofs the client's source address
when making the connection to the web server - this is something I don't
need, and breaks requests that end up going to web servers on the local
network since the return traffic from the web server ends up going
straight back to the client instead of back to Squid.

So far the only way I've found to disable the spoofing behaviour is to
send the traffic via a non-transparent upstream proxy. Is there some
way to turn off source address spoofing without using a second proxy?

  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com
Direct contacts:
    Instant messager: xmpp:steve_at_opendium.com
    Email:            steve_at_opendium.com
    Phone:            sip:steve_at_opendium.com
Sales / enquiries contacts:
    Email:            sales_at_opendium.com
    Phone:            +44-844-9791439 / sip:sales_at_opendium.com
Support contacts:
    Email:            support_at_opendium.com
    Phone:            +44-844-4844916 / sip:support_at_opendium.com
Received on Wed Nov 28 2012 - 12:24:17 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 29 2012 - 12:00:05 MST