[squid-users] explicit proxy and iptables

Vieri rentorbuy at yahoo.com
Mon Apr 27 15:27:24 UTC 2020


I've been using Squid + TPROXY in transparent sslbump mode for quite a while now, but I'd like to use an explicit proxy with user authentication instead.

I have Squid on my first firewall/gateway node, and then I have another gateway (node 2) where all the HTTP requests go through, with multiple ISPs.

In transparent tproxy mode, I can obviously mark packets according to the "real" client src IP addresses and then use, eg., different ISPs based on client src addr.

In the explicit setup, the gateway (node 2) only sees one IP address as HTTP source -- the one on the "first node" with the explicit Squid proxy. I presume that in this case there is NO WAY I can somehow inform the gateway on node 2 of the "real" clent IP addresses?

I can imagine the answer to this silly question, but nonetheless I prefer to ask just to make sure. ;-)



More information about the squid-users mailing list