[squid-users] changing squid explicit mode to transparent mode

Amos Jeffries squid3 at treenet.co.nz
Fri May 28 02:21:10 UTC 2021


On 27/05/21 8:43 pm, simon ben wrote:
> Dear All,
> 
> I have the below setup running perfectly for a couple of years
> 
> Centos 8 X64
> squid-4.11-3
> 
> configured in explicit mode so all client machines have the proxy IP 
> configured in their browser
> 
> Recently we have got a security cloud solution which requires the source 
> IP of the client machine
> 

Okay. Have you looked into the ways it will accept that IP address?

Does it actually require direct connections from each client?
   In that case you need to use the TPROXY feature.

Otherwise,

You may be able to simply send a custom header containing the client's 
IP. "Forwarded:" is the standard header for that use, there are also 
many application-specific header names around.


> Since I have to configure the squid in transparent mode so the client 
> source IP is visible and as required for transparent mode config i need 
> to change the gateway to my squid server IP .
> 
> 1 ) Is there any way so that I retain the source client PC IP in the 
> current setup ????

Please define "retain".


> 
> 2 ) if only way possible is by reconfiguring my current proxy to 
> transparent mode then if there is some way without changing the client 
> pc Gateway
> Right Now the default gateway of the client PC is our Core switch vlan 
> ip address.
> 

Any commercial router should provide capabilities to *route* client 
packets to Squid machine and Squid's outbound to wherever they need to go.

Note that doing it this way can *double* or even triple the amount of 
traffic load that switch is handling when Squid is in the same subnet as 
the clients.


Amos
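
Added example, not part of the original message: the receiving side of the header option above, showing how a service can take the client IP from "Forwarded:" only when the TCP peer is the known proxy, so a client cannot spoof it. The proxy address 192.0.2.10 and all header values are constructed, and the proxy is assumed to append its client's address as the rightmost for= element.

```python
import ipaddress

# Assumption: the Squid box as seen by the upstream service (constructed value).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}

def _node_to_ip(node):
    """Parse one for= node; None for 'unknown' or obfuscated ids like _hidden."""
    node = node.strip().strip('"')
    if node.startswith("["):                 # IPv6 is bracketed, optional :port
        node = node[1:node.index("]")] if "]" in node else ""
    elif node.count(":") == 1:               # IPv4 with :port
        node = node.split(":", 1)[0]
    try:
        return ipaddress.ip_address(node)
    except ValueError:
        return None

def forwarded_for_chain(header):
    """for= node of each element, left to right, from a Forwarded value.
    Simplification: assumes no commas or semicolons inside quoted strings."""
    chain = []
    for element in header.split(","):
        for pair in element.split(";"):
            name, _, value = pair.strip().partition("=")
            if name.lower() == "for":
                chain.append(_node_to_ip(value))
    return chain

def client_ip(peer, header):
    """Address to attribute a request to, given the TCP peer and the header."""
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PROXIES or not header:
        return peer_ip                       # header from anyone else is ignored
    # Walk right to left: the rightmost element was appended by the trusted
    # proxy; anything further left may have been supplied by the client.
    for ip in reversed(forwarded_for_chain(header)):
        if ip is None:
            return peer_ip                   # proxy did not disclose an address
        if ip not in TRUSTED_PROXIES:
            return ip
    return peer_ip

if __name__ == "__main__":
    print(client_ip("192.0.2.10", "for=198.51.100.7"))
    print(client_ip("203.0.113.5", "for=10.0.0.1"))
```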

