[tproxy] Squid doesn't seem to spoof client ip address.
KOVACS Krisztian
hidden at sch.bme.hu
Thu Dec 4 13:11:57 CET 2008
Hi,
On v, nov 30, 2008 at 07:13:22 +0100, Przemysław Kudyba wrote:
> Hello.
>
> I have set up fully transpatent http proxy, my problem is:
> squid sends requests with ip:port of te box running squid instead of
> clients ip.
>
> Here's my config:
>
> kernel patch: tproxy4-2.6.26-200809262032
> iptables patch: tproxy-iptables-1.4.0-20080521-113954-1211362794
> squid: squid-3.HEAD-20081127
>
>
> iptables & iproute rules:
> >
> > iptables -t mangle -N DIVERT
> > iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
> >
> >
> > iptables -t mangle -A DIVERT -j MARK --set-mark 1
> > iptables -t mangle -A DIVERT -j ACCEPT
> >
> > iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 80 -j TPROXY
> > --on-port 3128 --tproxy-mark 0x1/0x1
> >
> > ip rule add fwmark 1 lookup 100
> > ip route add local 0.0.0.0/0 dev lo table 100
> >
> squid conf:
> > http_port 192.168.250.2:3128 tproxy
>
> 217.97.174.18 - my laptop
> 212.77.100.101 - some www page
Do you have other http_ports defined? Does it change anything if you use
http_port 3128 tproxy
that is, you omit the IP from the listener config?
If not, can you get detailed debug logs from squid?
--
KOVACS Krisztian
More information about the tproxy
mailing list