[squid-users] Transparent Squid

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Nov 28 13:03:43 UTC 2017


On 27.11.17 11:24, LINGYUN ZHAO wrote:
>I need Squid as a real 'transparent' proxy on Fedora without changing 5
>tuples. Is it possible?

tuples?

>The setup is simple as Client ---------- Fedora --------Server

is fedora the NAT device and also running squid?

>The Squid version is 3.5.20. The key configuration on Squid as below:
>
>   http_port 0.0.0.0:3128 transparent
>
>   acl localnet src 10.0.0.0/24
>
>   http_access allow localnet
>
>And I configured a NAT on Fedora.
>
>   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.0.0.1:3128

this only works if "fedora" does the NAT and runs squid.
(just to be sure)

>When I run curl on Client to server. I found the server receives the
>traffic with Fedora's IP address and different source port, instead of
>Client IP address and original source port.

when you redirect traffic to the squid and squid connects to the server,
it's logical that the server sees squid's IP.

if you want to keep source client's IP, you need tproxy:
https://wiki.squid-cache.org/Features/Tproxy4


-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901
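
The TPROXY setup the reply points to, added here as an example that is not part of the original message: the port 3129, mark 1 and routing table 100 are assumed values, and it assumes a Squid built with Linux netfilter support on a box that routes the traffic in both directions. The DNAT rule from the question is not used in this mode.

```shell
#!/bin/sh
# Added example: TPROXY interception for an inline Squid box.
# Assumed values (not from the thread): tproxy port 3129, fwmark 1, table 100.
# Prints the commands by default; run with APPLY=1 as root to execute them.

TPROXY_PORT=3129
TABLE=100

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# squid.conf side: a tproxy port replaces the "transparent"/intercept port.
squid_conf() {
    echo "http_port ${TPROXY_PORT} tproxy"
}

# Packets that belong to a socket Squid already holds (including the ones it
# opened with the client's address) are marked and accepted.
divert_rules() {
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark 1
    run iptables -t mangle -A DIVERT -j ACCEPT
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
}

# New port-80 connections go to Squid in the mangle table. Unlike DNAT,
# the packet's addresses and ports are not rewritten.
tproxy_rule() {
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 \
        -j TPROXY --tproxy-mark 0x1/0x1 --on-port "$TPROXY_PORT"
}

# Marked packets are delivered locally although their destination is remote.
policy_routing() {
    run ip rule add fwmark 1 lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"
}

tproxy_setup() {
    squid_conf | sed 's/^/# squid.conf: /'
    divert_rules
    tproxy_rule
    policy_routing
}

tproxy_setup
```

Because Squid then connects to the server from the client's address, the server's replies must be routed back through this box, as they are in the inline Client, Fedora, Server layout described in the question.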

