On 22/09/11 00:42, Saleh Madi wrote:
> Hi,
> Squid not spoofing the client IP, with following http_port line in squid:
>
> http_port 3129 tproxy
>
> Everything seems to be working and squid runs with
> these messages in cache.log:
>
> 2011/09/21 14:36:15 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=[::]:3129 remote=[::] FD 17 flags=25
>
> My requests seem to be redirected to port 3129 as I expected and the
> pages are loading properly. But the problem is that when I go to site
> http://www.whatismyip.com/ it gives me the cache IP address instead of my
> own client IP address. Here is the cache log output for one of my requests:

www.whatismyip.com uses many methods based on information outside of IP
to find details about the connection. This is NOT a sign of failure.

> 2011/09/21 14:38:00.720 kid1| Intercept.cc(343) Lookup: address BEGIN: me/client= 67.202.66.200:80, destination/me= 192.168.88.100:51084
> 2011/09/21 14:38:00.720 kid1| Intercept.cc(149) NetfilterTransparent: address TPROXY: local=67.202.66.200:80 remote=192.168.88.100 FD 47 flags=17
> <snip>
> This means that the client IP spoofing is not working with tproxy4. Can
> anyone guide me?

This means TPROXY *is* successfully arriving into Squid. There is zero
information about the spoofing parts here.
The only reliable way to determine the spoofing success/failure is to
tcpdump the packets leaving the squid box. _all packets_, make no
assumptions about the IPs for the dump.
On success you will see packets from client IPs leaving the Squid box
towards the Internet.
On failure you will see the Squid box IP being used, or something else.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.15
Beta testers wanted for 3.2.0.12
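
The tcpdump check described in the reply above, as an added example that is not part of the original message: a shell function that tallies which source address the outbound connection attempts in a text capture carry. The client and server addresses are taken from the quoted cache.log; the Squid box address 192.0.2.10, the interface name eth1 and the sample packet lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tally which source address the
# outbound connection attempts in a tcpdump text capture carry.
# Capture unfiltered on the Internet-facing interface of the Squid box, e.g.
#   tcpdump -nn -Q out -i eth1 > egress.txt     (eth1 is a hypothetical name)
# usage: classify_egress CLIENT_IP SQUID_IP < egress.txt
classify_egress() {
    awk -v client="$1" -v proxy="$2" '
    {
        # "IP" is not at a fixed column: newer tcpdump prints the interface
        # and direction before it, so search for the token.
        src = ""
        for (i = 1; i < NF; i++) if ($i == "IP") { src = $(i + 1); break }
        if (src == "") next                  # not an IPv4 packet line
        if ($0 !~ /Flags \[S\]/) next        # keep initial SYNs only (skips [S.])
        sub(/\.[0-9]+$/, "", src)            # drop the trailing .port
        if (src == client)     c++
        else if (src == proxy) p++
        else                   o++
    }
    END {
        if (c + p + o == 0)        v = "no-data"
        else if (c > 0 && p == 0)  v = "client-ip-seen"
        else if (p > 0 && c == 0)  v = "proxy-ip-used"
        else if (c == 0 && p == 0) v = "other-source"
        else                       v = "mixed"
        printf "client=%d proxy=%d other=%d verdict=%s\n", c, p, o, v
    }'
}

# Constructed sample: the client address leaves the box (spoofing works).
sample_spoofed() {
cat <<'EOF'
14:38:00.721001 IP 192.168.88.100.41852 > 67.202.66.200.80: Flags [S], seq 1000, win 5840, length 0
14:38:00.790114 IP 192.168.88.100.41852 > 67.202.66.200.80: Flags [.], ack 1, win 5840, length 0
14:38:00.790530 IP 192.0.2.10.40112 > 192.0.2.53.53: 4660+ A? www.whatismyip.com. (36)
EOF
}

# Constructed sample: the Squid box address is used instead (spoofing fails).
sample_not_spoofed() {
cat <<'EOF'
14:38:00.721001 eth1  Out IP 192.0.2.10.41852 > 67.202.66.200.80: Flags [S], seq 1000, win 5840, length 0
14:38:00.789950 eth1  In  IP 67.202.66.200.80 > 192.0.2.10.41852: Flags [S.], seq 2000, ack 1001, win 5792, length 0
EOF
}
```

Only initial SYNs are tallied so that DNS lookups and other traffic the box sends from its own address do not count as a spoofing failure; the capture itself stays unfiltered.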