Hello. I have set up a fully transparent HTTP proxy. My problem is: squid sends requests with the ip:port of the box running squid instead of the client's IP. Here's my config:

kernel patch: tproxy4-2.6.26-200809262032
iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794
squid: squid-3.HEAD-20081127

iptables & iproute rules:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
squid conf:
http_port 192.168.250.2:3128 tproxy
217.97.174.18 - my laptop
212.77.100.101 - some www page

tcpdump:
19:06:01.736342 IP 217.97.174.18.53401 > 192.168.250.2.80: S 2658655945:2658655945(0) win 5840 <mss 1440,sackOK,timestamp 6961615 0,nop,wscale 5>
19:06:01.736597 IP 192.168.250.2.80 > 217.97.174.18.53401: S 2655745023:2655745023(0) ack 2658655946 win 5792 <mss 1460,sackOK,timestamp 2617146 6961615,nop,wscale 7>
19:06:01.745935 IP 217.97.174.18.53401 > 192.168.250.2.80: . ack 1 win 183 <nop,nop,timestamp 6961619 2617146>
19:06:15.648614 IP 217.97.174.18.53401 > 192.168.250.2.80: P 1:29(28) ack 1 win 183 <nop,nop,timestamp 6975524 2617146>
19:06:15.648681 IP 192.168.250.2.80 > 217.97.174.18.53401: . ack 29 win 46 <nop,nop,timestamp 2620624 6975524>
19:06:17.130355 IP 217.97.174.18.53401 > 192.168.250.2.80: P 29:31(2) ack 1 win 183 <nop,nop,timestamp 6977004 2620624>
19:06:17.130447 IP 192.168.250.2.80 > 217.97.174.18.53401: . ack 31 win 46 <nop,nop,timestamp 2620994 6977004>
19:06:17.131289 IP 192.168.250.2.59447 > 212.77.100.101.80: S 2887325147:2887325147(0) win 5840 <mss 1460,sackOK,timestamp 2620994 0,nop,wscale 7>
19:06:17.353255 IP 217.97.174.18.34317 > 192.168.250.2.80: S 2917413960:2917413960(0) win 5840 <mss 1440,sackOK,timestamp 6977231 0,nop,wscale 5>
19:06:17.353338 IP 192.168.250.2.80 > 217.97.174.18.34317: S 2895521199:2895521199(0) ack 2917413961 win 5792 <mss 1460,sackOK,timestamp 2621050 6977231,nop,wscale 7>
19:06:17.357848 IP 217.97.174.18.34317 > 192.168.250.2.80: . ack 1 win 183 <nop,nop,timestamp 6977235 2621050>
19:06:17.358077 IP 217.97.174.18.34317 > 192.168.250.2.80: P 1:360(359) ack 1 win 183 <nop,nop,timestamp 6977235 2621050>
19:06:17.358133 IP 192.168.250.2.80 > 217.97.174.18.34317: . ack 360 win 54 <nop,nop,timestamp 2621051 6977235>
19:06:17.358230 IP 192.168.250.2.39336 > 217.97.173.21.80: S 2890323424:2890323424(0) win 5840 <mss 1460,sackOK,timestamp 2621051 0,nop,wscale 7>
19:06:17.358467 IP 217.97.173.21.80 > 192.168.250.2.39336: S 3189038941:3189038941(0) ack 2890323425 win 5792 <mss 1460,sackOK,timestamp 117140974 2621051,nop,wscale 7>
19:06:17.358530 IP 192.168.250.2.39336 > 217.97.173.21.80: . ack 1 win 46 <nop,nop,timestamp 2621051 117140974>
19:06:17.358671 IP 192.168.250.2.39336 > 217.97.173.21.80: P 1:462(461) ack 1 win 46 <nop,nop,timestamp 2621051 117140974>
19:06:17.358958 IP 217.97.173.21.80 > 192.168.250.2.39336: . ack 462 win 54 <nop,nop,timestamp 117140975 2621051>
19:06:17.427512 IP 217.97.173.21.80 > 192.168.250.2.39336: . 1:1449(1448) ack 462 win 54 <nop,nop,timestamp 117140992 2621051>
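
An added example, not part of the original post: a Python check that reads tcpdump text output in the format shown above and lists upstream connections opened from the proxy's own address, which is the behaviour the post reports. The capture lines and addresses are constructed (documentation ranges), and the function names are hypothetical.

```python
import re

# Older tcpdump text format, as in the capture above:
#   "<time> IP <src>.<sport> > <dst>.<dport>: <flags> <rest>"
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\S+) (.*)$"
)

# Constructed sample: one client request and the proxy's upstream connection.
SAMPLE = """\
10:00:00.000001 IP 198.51.100.7.53401 > 192.0.2.10.80: S 100:100(0) win 5840 <mss 1440>
10:00:00.000200 IP 192.0.2.10.80 > 198.51.100.7.53401: S 200:200(0) ack 101 win 5792 <mss 1460>
10:00:00.000900 IP 198.51.100.7.53401 > 192.0.2.10.80: . ack 1 win 183
10:00:01.000100 IP 192.0.2.10.59447 > 203.0.113.80.80: S 300:300(0) win 5840 <mss 1460>
10:00:01.000400 IP 203.0.113.80.80 > 192.0.2.10.59447: S 400:400(0) ack 301 win 5792 <mss 1460>
"""


def initial_syns(text):
    """Yield (src, sport, dst, dport) for every SYN that carries no ACK."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not IPv4 TCP in this format
        src, sport, dst, dport, flags, rest = m.groups()
        # A SYN-ACK prints as "S ... ack N"; only a bare SYN opens a connection.
        if flags == "S" and " ack " not in " " + rest + " ":
            yield src, int(sport), dst, int(dport)


def summarize(text, proxy_ip, port=80):
    """Separate client-sourced SYNs from SYNs sourced by the proxy itself."""
    clients, unspoofed = set(), []
    for src, sport, dst, dport in initial_syns(text):
        if dport != port:
            continue
        if src == proxy_ip:
            # Upstream connection using the proxy's address, not the client's.
            unspoofed.append((dst, sport))
        else:
            clients.add(src)
    return {"clients": sorted(clients), "unspoofed_upstream": unspoofed}


if __name__ == "__main__":
    print(summarize(SAMPLE, proxy_ip="192.0.2.10"))
```

An empty `unspoofed_upstream` list for a capture that contains proxied requests means the upstream SYNs are leaving with client source addresses.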