[tproxy] Is tproxy a real transparent proxy?
mtpr
mtpr at carreira.com.pt
Wed Jun 3 23:43:12 CEST 2009
I think tproxy cannot run in accelerated mode, so a REVERSE transparent
proxy seems impossible to setup.
There is a phrase in http://wiki.squid-cache.org/Features/Tproxy4 that says:
"...The way TPROXYv4 works makes it incompatible with NAT interception,
reverse-proxy acceleration, and standard proxy traffic. The intercept,
accel and related flags cannot be set on the same http_port with tproxy
flag."
Is there someone who build a reverse transparent proxy anyway, or is
there another way of building one?
mtpr escreveu:
> I am testing tproxy with a vmware Centos-5.3 virtual server.
> I installed squid-3.1, iptables-1.4.3 and kernel-2.6.28.3.
> Everything seems to be working, unless one...
> There is a proxy behaviour I thought it would be expectable, but I found
> it doesn't work the way I thought.
>
> Here is the example:
> If I create a cgi-bin script in a apache webserver that prints the
> client ip address like this one:
>
> #!/bin/env python
> # coding: utf-8
> import os
>
> print 'Content-Type: text/plain'
> print
> print os.environ['REMOTE_ADDR']
>
> I thought that, in a real transparent proxy, it would give me the
> original client ip address of the browser computer.
> But no!
> Like the old transparent proxy way (not tproxy), it prints the ip
> address of the proxy server.
> If I want the original ip address, I need to read the environment
> variable HTTP_X_FORWARDED_FOR.
> It doesn't seem to be a "real" transparent proxy.
>
> Is this the expectable behaviour, or could be something wrong with the
> way I setup my tproxy?
>
>
> mtpr
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
More information about the tproxy
mailing list