I think tproxy cannot run in accelerated mode, so a REVERSE transparent proxy seems impossible to setup. There is a phrase in http://wiki.squid-cache.org/Features/Tproxy4 that says: "...The way TPROXYv4 works makes it incompatible with NAT interception, reverse-proxy acceleration, and standard proxy traffic. The intercept, accel and related flags cannot be set on the same http_port with tproxy flag." Is there someone who build a reverse transparent proxy anyway, or is there another way of building one? mtpr escreveu:
I am testing tproxy with a vmware Centos-5.3 virtual server. I installed squid-3.1, iptables-1.4.3 and kernel-2.6.28.3. Everything seems to be working, unless one... There is a proxy behaviour I thought it would be expectable, but I found it doesn't work the way I thought.
Here is the example: If I create a cgi-bin script in a apache webserver that prints the client ip address like this one:
#!/bin/env python # coding: utf-8 import os
print 'Content-Type: text/plain' print print os.environ['REMOTE_ADDR']
I thought that, in a real transparent proxy, it would give me the original client ip address of the browser computer. But no! Like the old transparent proxy way (not tproxy), it prints the ip address of the proxy server. If I want the original ip address, I need to read the environment variable HTTP_X_FORWARDED_FOR. It doesn't seem to be a "real" transparent proxy.
Is this the expectable behaviour, or could be something wrong with the way I setup my tproxy?
mtpr _______________________________________________ tproxy mailing list tproxy@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/tproxy