On Mon, 19 Sep 2011 14:59:54 +0700, Khemara Lyn wrote:
On 09/18/2011 04:38 PM, Saleh Madi wrote:
Dears,
How could I configure the squid appear the clients real IP address
instead of the squid IP address,
the problem is that all clients get the same IP address which make
problems in file sharing websites like mega upload, rapidshare and
others websites
we use squid in transparent mode with WCCP , please advice how to
resolve this problem.
Many thanks,
Saleh Madi
Hi,
I have the same query but doubt if it is possible at all, esp. with
WCCP.
What I could do so far is that, I configure the Squid box to have
multiple IPs and multiple gateways (5 of them) with IPRoute2, "ip
route". Each time, it could appear as a different IP but still get
blocked by those file-sharing Web sites as you mentioned.
I would greatly appreciate for any better idea.
Thanks & regards,
Khem
WCCP passes packets unchanged to the Squid box.
You need two things:
1) to pass the IP through, using "forwarded_for on". Which permits
Squid to send the X-Forwarded-For header with Client IP.
2) the website to be smart enough to make use of the header. Some
sites do not support or choose not to trust that HTTP header.
Alternatively you could setup a transparent proxy with the TPROXY
feature. Spoofing the client inbound IP on the outbound traffic. This
does work with WCCP, but is a bit tricky.
http://wiki.squid-cache.org/Features/Tproxy4
Amos