Zul, we already do that... it doesn't chance anything :( I don't remember right now how it was but, in option 1 via off, forward off, show that I'm BEHIND a proxy, but show the client ip address. Option 2: Without via and forward doesn't, but shows the squid ip address, instead the clients ip, I don't know if you understand me :( But it was something like that :( Tnxs to all Facundo Vilarnovo -----Mensaje original----- De: Facundo Vilarnovo [mailto:fvilarnovo@xxxxxxxxxx] Enviado el: Miércoles, 16 de Mayo de 2007 12:50 a.m. Para: squid-users@xxxxxxxxxxxxxxx CC: Nicolas Royo Asunto: RE: Really transparent proxy Here it goes! #####squid Conf.##### http_port 3128 tproxy transparent hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /usr/local/squid/var/logs/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 0.0.0.0/0.0.0.0 http_access allow our_networks http_access deny all http_reply_access allow all icp_access allow all visible_hostname debian-sq wccp2_router y.y.y.y wccp_version 4 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_assignment_method 1 coredump_dir /usr/local/squid/var/cache ###### end of file ##### Here are the Iptables: squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy Chain PREROUTING (policy ACCEPT) target prot opt source destination TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128 TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80 TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80 TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128 Chain OUTPUT (policy ACCEPT) target prot opt source destination if any extra info is needed i have no problem to postit! Thnxs all!! Facundo Vilarnovo -----Mensaje original----- De: Facundo Vilarnovo [mailto:fvilarnovo@xxxxxxxxxx] Enviado el: Miércoles, 16 de Mayo de 2007 12:26 a.m. Para: zulkarnain; squid-users@xxxxxxxxxxxxxxx CC: Nicolas Royo Asunto: RE: Really transparent proxy Here it goes! #####squid Conf.##### http_port 3128 tproxy transparent hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache access_log /usr/local/squid/var/logs/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports acl our_networks src 0.0.0.0/0.0.0.0 http_access allow our_networks http_access deny all http_reply_access allow all icp_access allow all visible_hostname debian-sq wccp2_router y.y.y.y wccp_version 4 wccp2_forwarding_method 1 wccp2_return_method 1 wccp2_assignment_method 1 coredump_dir /usr/local/squid/var/cache ###### end of file ##### Here are the Iptables: squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy Chain PREROUTING (policy ACCEPT) target prot opt source destination TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128 TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80 TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80 TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128 Chain OUTPUT (policy ACCEPT) target prot opt source destination if any extra info is needed i have no problem to postit! Thnxs all!! Facundo Vilarnovo -----Mensaje original----- De: zulkarnain [mailto:sizulku@xxxxxxxxx] Enviado el: Martes, 15 de Mayo de 2007 11:22 p.m. Para: Facundo Vilarnovo; squid-users@xxxxxxxxxxxxxxx CC: Nicolas Royo Asunto: RE: Really transparent proxy --- Facundo Vilarnovo <fvilarnovo@xxxxxxxxxx> wrote: > Now we got squid+wccp+tproxy module working but, > some sites like http://www.whatsmyipaddress.com/ > shows the client origin ip address (that's correct) > and ALSO shows that is behind and PROXY!, any ideas > of what can be wrong?, if is needed we may post our > configuration file of squid! > Have you turn OFF "via" and "forwarded_for" on your squid.conf? -Zul ________________________________________________________________________ ____________ The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
