On Sun, 13 Jun 2004, Vladimir Potapov wrote: > Now we using squid as a trasparent proxy and it work very fine. > To share internet we using VPN and each client appropriate real IP. > The clients serfing internet through transparent proxy. > We want to using transparent proxy that it did not substitute clients real > IP to external IP of proxy.If squid does not support this feature, what > piece of code we need to rewrite?
I assume you ask for a setup where the clients real IP is still used when Squid makes the request to the origin server instead of the IP address of your Squid server. For this you need a) A network setup where this is possible. This kind of spoofing of the client IP requires very strict network designs to work. b) A server OS allowing Squid to spoof the client IP. Linux with the TPROXY patch (see Netfilter patch-o-matic-ng) is one such OS. c) Squid modified to make use of the feature in 'b' when making connections to the network. Or alternatively you can do the same by using a list of private IP addresses (one per client) in tcp_outgoing_address and then NAT these back to the clients real IP before leaving your network. This requires no modifications to your OS or Squid, but does require a NAT function/device before the traffic leaves your network. But for many servers this is not needed. Squid does by default announce the original client header in it's X-Forwarded-For header. Regards Henrik
