Search squid archive

Re: Is it possible to set tproxy at httpd-accel mode?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



tis 2009-09-15 klockan 12:28 +1200 skrev Amos Jeffries:

> The big reason is that TPROXY passes the IPs to Squid inverted via
> accept(). There is no probe like the NAT ORIGINAL_DST to separate the
> TPROXY and non-TPROXY received connections. The only way to identify this
> IP inversion is the flags in squid.conf.

Yes, but here we are talking about the other side, when Squid makes the
outgoing connection. That part do not need to depend in any way on how
the request arrived at Squid, just on where the request is heading
(routing of return traffic for the client via Squid server).

Should in theory work to enable tproxy spoofing even for normal proxied
connections.

Regards
Henrik


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux