On Wed, May 16, 2007, Facundo Vilarnovo wrote:
> Colin,
> Thanks a lot for your extensive reply, we were hoping that it would be possible to do a "magical" masquerade. I understand that the one that originates the request to the destination web server was the Squid, but I was believing that it would do some kind of "magical" spoofing of the source IP address. We've got offers from Blue Coat products, they say that they have a product that can match our requirement. We were hoping that Squid has the same ability.
> Here we have a neighbor ISP that runs Squid proxy servers with the "tproxy" patch, and they could "hide" the Squid IP, so when you do a test with any URL the source seems to be the client's IP address. They don't wanna say how they do it.
> I still believe in magic, so I will still investigate how we can do it, even if it means recoding the TCP/IP suite.

Squid has that ability starting with Squid-2.6 and TPROXY under Linux. It's had it for close to a year now.

You use WCCPv2 to redirect traffic in both directions and not just in one direction. You set up TPROXY rules to redirect traffic that the proxy is interested in; if it sees traffic for a non-established connection it fires it back at the router. It works very well for one Squid proxy and WCCPv2.

I'm happy to set this all up in my lab at home and test it out but paid work takes precedence over fun (which this, for the most part, is.)

Tell you what. If people who would like to see full documentation, kernel packages and such for a fully transparent Squid setup with WCCPv2 then how about ye make some small donations to the Squid project. If I see enough donations coming in I'll spend a weekend setting this up in the lab, building a fully transparent environment with Linux, TPROXY, Squid-2.6, WCCPv2 and some non-official patches to make things even 'more' transparent, and put it all up on the website.

(ObNote: if people who left Squid and went commercial would only come talk to us first, they may find we'd suddenly have the resources to make Squid a -whole- lot faster, flexible and easier to use, and they'd save $100k + a proxy. Hm, guess it's not too late to do some marketing electives at university next semester..)

Adrian