Is tproxy a real transparent proxy?
I am testing tproxy with a VMware CentOS-5.3 virtual server. I installed squid-3.1, iptables-1.4.3 and kernel-2.6.28.3. Everything seems to be working, except one thing. There is a proxy behaviour I thought would be expectable, but I found it doesn't work the way I thought.

Here is the example: If I create a cgi-bin script in an Apache webserver that prints the client IP address, like this one:

    #!/bin/env python
    # coding: utf-8
    import os

    print 'Content-Type: text/plain'
    print
    print os.environ['REMOTE_ADDR']

I thought that, in a real transparent proxy, it would give me the original client IP address of the browser computer. But no! Like the old transparent proxy way (not tproxy), it prints the IP address of the proxy server. If I want the original IP address, I need to read the environment variable HTTP_X_FORWARDED_FOR. It doesn't seem to be a "real" transparent proxy.

Is this the expectable behaviour, or could there be something wrong with the way I set up my tproxy?

mtpr
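An added example, not part of the original post: when the backend sees the proxy's address in REMOTE_ADDR, as described above, X-Forwarded-For is the only carrier of the client address, and it is a request header that any client can set. The Python 3 function below honours it only when the TCP peer is a known proxy and reads it right to left; the TRUSTED_PROXIES list and all addresses are constructed assumptions, not values from the thread.

```python
import ipaddress

# Constructed addresses (documentation ranges): 192.0.2.10 stands in for
# the Squid host, 203.0.113.7 for the browser. Neither is from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.10/32")]


def _is_trusted(addr, trusted):
    """True if addr parses as an IP inside one of the trusted networks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in trusted)


def client_ip(environ, trusted=TRUSTED_PROXIES):
    """Return the best-supported client address from a CGI/WSGI environ."""
    peer = environ.get("REMOTE_ADDR", "")
    # REMOTE_ADDR is the TCP peer. If that peer is not one of our proxies
    # (direct hit, or tproxy spoofing is working), ignore the header.
    if not _is_trusted(peer, trusted):
        return peer
    raw = environ.get("HTTP_X_FORWARDED_FOR", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    # Walk right to left: the rightmost entries were appended by our own
    # proxies; anything further left came from the client and may be forged.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer  # malformed or "unknown": fall back to the TCP peer
        if not _is_trusted(hop, trusted):
            return hop
    return peer
```
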
Try this link: http://wiki.squid-cache.org/Features/Tproxy4

Anyway, tproxy is a great project and really transparent, without any special performance request, and you can be sure that you have some configuration problems.

Best regards,
Elyasaf

-----Original Message-----
From: mtpr [mailto:mtpr@carreira.com.pt]
Sent: Friday, May 29, 2009 10:08 PM
To: tproxy@lists.balabit.hu
Subject: [tproxy] Is tproxy a real transparent proxy?
I forgot to mention that I'm testing it as a REVERSE proxy, so I can have several internal web servers.

_______________________________________________
tproxy mailing list
tproxy@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy
I think tproxy cannot run in accelerated mode, so a REVERSE transparent proxy seems impossible to set up. There is a phrase in http://wiki.squid-cache.org/Features/Tproxy4 that says:

"...The way TPROXYv4 works makes it incompatible with NAT interception, reverse-proxy acceleration, and standard proxy traffic. The intercept, accel and related flags cannot be set on the same http_port with tproxy flag."

Is there someone who built a reverse transparent proxy anyway, or is there another way of building one?
On Wed, 2009-06-03 at 22:43 +0100, mtpr wrote:
> I think tproxy cannot run in accelerated mode, so a REVERSE transparent proxy seems impossible to set up. There is a phrase in http://wiki.squid-cache.org/Features/Tproxy4 that says: "...The way TPROXYv4 works makes it incompatible with NAT interception, reverse-proxy acceleration, and standard proxy traffic. The intercept, accel and related flags cannot be set on the same http_port with tproxy flag."
>
> Is there someone who built a reverse transparent proxy anyway, or is there another way of building one?

I don't see why this would be the case. We are doing reverse proxying without problems with our Zorp firewall product (which we implemented TProxy for).

--
Bazsi
participants (3)
- Balazs Scheidler
- elyasaf
- mtpr