tis 2009-09-15 klockan 14:43 +1200 skrev Amos Jeffries: > > Yes, but here we are talking about the other side, when Squid makes the > > outgoing connection. That part do not need to depend in any way on how > > We are talking about setting http_port (incoming) options. Or so I thought. I am not sure where such setting belongs, but probably not http_port as it does not really have to do with how the request is accepted only with how it's forwarded. > That would be some other functionality not related to what the existing > http_port tproxy flag does. Spoofing without handling inbound spoofed > requests. IMO it is as nice to use as a certain login function turned out > to be. Exactly. > You can try it I suppose. I suspect there is likely some kernel > implementation bits that prevent random IP spoofing though. The only limit > in Squid is that spoof_client_ip flag must be set before tcp outgoing > address is selected. The only limit I know of is that the application needs to have the appropriate privileges, and TPROXY needs to be enabled in the kernel obviously. Regards Henrik
