[tproxy] Squid doesn't seem to spoof client ip address.

KOVACS Krisztian hidden at sch.bme.hu
Thu Dec 4 13:11:57 CET 2008


Hi,

On Sun, Nov 30, 2008 at 07:13:22 +0100, Przemysław Kudyba wrote:
> Hello.
> 
> I have set up a fully transparent http proxy, my problem is:
> squid sends requests with ip:port of the box running squid instead of
> the client's ip.
> 
> Here's my config:
> 
> kernel patch: tproxy4-2.6.26-200809262032
> iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794
> squid: squid-3.HEAD-20081127
> 
> 
> iptables & iproute rules:
> >
> > iptables -t mangle -N DIVERT
> > iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> >
> >
> > iptables -t mangle -A DIVERT -j MARK --set-mark 1
> > iptables -t mangle -A DIVERT -j ACCEPT
> >
> > iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1
> >
> > ip rule add fwmark 1 lookup 100
> > ip route add local 0.0.0.0/0 dev lo table 100
> >
> squid conf:
> > http_port 192.168.250.2:3128 tproxy
> 
> 217.97.174.18 - my laptop
> 212.77.100.101  - some www page

Do you have other http_ports defined? Does it change anything if you use

http_port 3128 tproxy

that is, you omit the IP from the listener config?

If not, can you get detailed debug logs from squid?

-- 
KOVACS Krisztian
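
Added example, not part of the original message or of the tproxy or Squid projects: a small consistency check over the rule set and squid.conf line quoted above. It verifies that the TPROXY mark, the DIVERT mark and the `ip rule` fwmark agree, that the rule and the local route use the same table, and that a `tproxy` http_port listens on the `--on-port` port; the function name and the constructed sample strings are assumptions.

```python
import re

# Constructed input: the commands and squid.conf line quoted in the message above.
RULES = """\
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY --on-port 3128 --tproxy-mark 0x1/0x1
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
"""
SQUID_CONF = "http_port 192.168.250.2:3128 tproxy\n"


def _find(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None


def check_tproxy(rules, squid_conf):
    """Return (errors, notes) for a TPROXY rule set and squid.conf text (hypothetical helper)."""
    errors, notes = [], []
    tproxy = _find(r"^(.*-j TPROXY.*)$", rules) or ""
    on_port = _find(r"--on-port (\d+)", tproxy)
    marks = {
        "TPROXY --tproxy-mark": _find(r"--tproxy-mark (\w+)", tproxy),
        "DIVERT --set-mark": _find(r"-A DIVERT .*--set-mark (\w+)", rules),
        "ip rule fwmark": _find(r"ip rule add fwmark (\w+)", rules),
    }
    if on_port is None:
        errors.append("no TPROXY rule with --on-port")
    errors += [f"missing {name}" for name, v in marks.items() if v is None]
    # int(x, 0) accepts both "1" and "0x1", so 1 and 0x1 compare equal
    if len({int(v, 0) for v in marks.values() if v}) > 1:
        errors.append(f"marks disagree: {marks}")
    rule_table = _find(r"ip rule add .*lookup (\w+)", rules)
    route_table = _find(r"ip route add local \S+ dev lo table (\w+)", rules)
    if rule_table is None or rule_table != route_table:
        errors.append("fwmark rule and local route use different tables")
    # squid listeners flagged tproxy, as (bind address or "", port)
    listeners = re.findall(
        r"^http_port[ \t]+(?:(\S+):)?(\d+)[ \t]+.*\btproxy\b", squid_conf, re.M)
    if on_port and on_port not in [port for _, port in listeners]:
        errors.append(f"no squid tproxy http_port on port {on_port}")
    for addr, port in listeners:
        if addr and port == on_port:
            notes.append(f"tproxy listener bound to {addr}; "
                         f"the reply asks to retest with 'http_port {port} tproxy'")
    return errors, notes
```

On the quoted configuration the check reports no errors and one note about the address-bound listener, which is the setting the reply asks to change for the retest.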

