On Sun, 13 Jun 2004, Vladimir Potapov wrote:

> Now we using squid as a trasparent proxy and it work very fine.
> To share internet we using VPN and each client appropriate real IP.
> The clients serfing internet through transparent proxy.
> We want to using transparent proxy that it did not substitute clients real
> IP to external IP of proxy.If squid does not support this feature, what
> piece of code we need to rewrite?

I assume you ask for a setup where the clients real IP is still used when 
Squid makes the request to the origin server instead of the IP address of 
your Squid server.

For this you need

 a) A network setup where this is possible. This kind of spoofing of the 
client IP requires very strict network designs to work.

 b) A server OS allowing Squid to spoof the client IP. Linux with the 
TPROXY patch (see Netfilter patch-o-matic-ng) is one such OS.

 c) Squid modified to make use of the feature in 'b' when making 
connections to the network.

Or alternatively you can do the same by using a list of private IP 
addresses (one per client) in tcp_outgoing_address and then NAT these back 
to the clients real IP before leaving your network. This requires no 
modifications to your OS or Squid, but does require a NAT function/device 
before the traffic leaves your network.

But for many servers this is not needed. Squid does by default announce
the original client header in it's X-Forwarded-For header.

Regards
Henrik

Reply via email to