Re: Squid - Not replace source IP address

Amos Jeffries-2 wrote:
> 
> On Tue, 4 Aug 2009 17:01:45 -0700 (PDT), casket88
> <jamespeek@xxxxxxxxxxxxxxxx> wrote:
>> Hi,
>> 
>> We have several interconnected branches on their own networks. I would like
>> to shut off web access directly from all branches except head office.
>> 
>> We have an Untangle gateway configured as a transparent bridge at head
>> office that all traffic passes through. I would like to keep on using this
>> for content filtering and logging. However I want a Squid server to be able
>> to accept connections from our branches, use its caching and then redirect
>> it out through the Untangle gateway for logging. We will be redirecting all
>> web traffic on our Cisco routers at each branch to the proxy server.
>> 
>> I have Squid set up to allow connections from all our internal networks and
>> set up IPtables with the following command:
>> 
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>> 
>> This all works fine and I am able to surf through the proxy, which appears
>> to be caching correctly and forwarding it to our gateway which performs the
>> content filtering and logging. The only problem is that through the NAT
>> process the source IP address is replaced with that of the Squid's and is
>> logged accordingly.
> 
> Yes. This is how NAT operates.
> 
>> 
>> How would I go about configuring Squid to accept connections, cache them and
>> then forward the request on to the webserver via the gateway WITHOUT
>> replacing the source IP address?
> 
> Get rid of NAT and use TPROXY for the capture instead.
> 
>> 
>> In summary: user requests connection to website on port 80, request
>> transparently redirected to Squid on Cisco router, Squid accepts it and
>> forwards it to webserver through gateway.
> 
> NP: Your word 'transparently redirected' appears to mean 'routed' in that
> paragraph. Please use the word 'transparent' less
> /rant.
> 

The usage of the word "transparent" is in reference to the users, it is
transparent to them. Transparent is a good word, I think I'll use it more.

Regardless, I will look into TPROXY.

Thanks. 


-- 
View this message in context: http://www.nabble.com/Squid---Not-replace-source-IP-address-tp24818364p24818555.html
Sent from the Squid - Users mailing list archive at Nabble.com.
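
One way to set up the TPROXY capture suggested in the reply above, as an added example that is not part of the original messages: it swaps the NAT REDIRECT rule from the question for mangle-table TPROXY rules plus the policy routing they need. The port 3129 (with `http_port 3129 tproxy` in squid.conf), the packet mark 1 and the routing table 100 are assumed values, not taken from the thread.

```shell
#!/bin/sh
# Added example: TPROXY capture in place of the NAT REDIRECT rule from the thread.
# Assumed values (not from the thread): Squid listens with "http_port 3129 tproxy"
# in squid.conf, packet mark 1, routing table 100.

# Print the commands for capture interface $1 and Squid TPROXY port $2.
tproxy_rules() {
    tp_if="$1"
    tp_port="$2"
    cat <<EOF
# Remove the old NAT capture so the client source address is no longer rewritten.
iptables -t nat -D PREROUTING -i ${tp_if} -p tcp --dport 80 -j REDIRECT --to-port 3128 || true
# Forward packets and relax reverse-path filtering for the spoofed-source flows.
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.all.rp_filter=0
sysctl -w net.ipv4.conf.${tp_if}.rp_filter=0
# Packets belonging to sockets Squid already owns are marked and accepted.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# New port-80 connections are handed to Squid without any address translation.
iptables -t mangle -A PREROUTING -i ${tp_if} -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port ${tp_port}
# Marked packets are delivered locally instead of being forwarded.
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
EOF
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to execute them.
if [ "${APPLY:-0}" = 1 ]; then
    tproxy_rules "${IFACE:-eth0}" "${TPROXY_PORT:-3129}" | sh -e
else
    tproxy_rules "${IFACE:-eth0}" "${TPROXY_PORT:-3129}"
fi
```

With TPROXY, Squid sends its upstream requests from the client's own address, so replies from the web servers must be routed back through the Squid box for the connection to complete. Both the kernel and the Squid build need TPROXY support.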

