On 22/09/11 00:42, Saleh Madi wrote:
Hi,

Squid is not spoofing the client IP. With the following http_port line in squid:

http_port 3129 tproxy

everything seems to be working and squid runs with these messages in cache.log:

2011/09/21 14:36:15 kid1| Accepting TPROXY spoofing HTTP Socket connections at local=[::]:3129 remote=[::] FD 17 flags =25

My requests seem to be redirected to port 3129 as I expected and the pages are loading properly. But the problem is that when I go to the site http://www.whatismyip.com/ it gives me the cache IP address instead of my own client IP address. Here is the cache log output for one of my requests:
www.whatismyip.com uses many methods based on information outside of IP to find details about the connection. This is NOT a sign of failure.
2011/09/21 14:38:00.720 kid1| Intercept.cc(343) Lookup: address BEGIN: me/client= 67.202.66.200:80, destination/me= 192.168.88.100:51084
2011/09/21 14:38:00.720 kid1| Intercept.cc(149) NetfilterTransparent: address TPROXY: local=67.202.66.200:80 remote=192.168.88.100 FD 47 flags=17
<snip>
This means that the client IP spoofing is not working with tproxy4. Can anyone guide me?
This means TPROXY *is* successfully arriving into Squid. There is zero information about the spoofing parts here.
The only reliable way to determine the spoofing success/failure is to tcpdump the packets leaving the squid box. _all packets_, make no assumptions about the IPs for the dump. On success you will see packets from client IPs leaving the Squid box towards the Internet.
On failure you will see the Squid box IP being used, or something else.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.15
  Beta testers wanted for 3.2.0.12
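
The tcpdump check described in the reply above, as an added example that is not part of the original thread: it reads `tcpdump -nn` text output and counts new outbound connections by the source address they carry. It assumes the capture was taken without a host filter on the Squid box's Internet-facing interface; the Squid box address 192.168.88.2, the /24 client network and the sample packet lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Pure SYN (no ACK) in `tcpdump -nn` text output:
#   "<ts> IP src.port > dst.port: Flags [S], ..."
SYN_RE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: Flags \[S\]"
)

def classify_syns(lines, squid_ips, client_net):
    """Count new outbound connections by the kind of source address they carry."""
    net = ipaddress.ip_network(client_net)
    squid = {ipaddress.ip_address(a) for a in squid_ips}
    counts = Counter()
    for line in lines:
        m = SYN_RE.match(line.strip())
        if not m:
            continue  # not a connection-opening packet
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        if dst in net or dst in squid:
            continue  # heading to the local side, not to the Internet
        if src in squid:
            counts["squid_box"] += 1   # proxy's own address: no spoofing
        elif src in net:
            counts["client"] += 1      # client address preserved: spoofing works
        else:
            counts["other"] += 1       # "something else", e.g. a NAT rewrite
    return counts

def verdict(counts):
    if counts["squid_box"] or counts["other"]:
        return "not spoofing"
    return "spoofing" if counts["client"] else "no outbound connections seen"

# Constructed sample captures (addresses 192.168.88.100 and 67.202.66.200 from the log above).
SPOOFED = """\
14:38:00.721034 IP 192.168.88.100.40112 > 67.202.66.200.80: Flags [S], seq 1000, win 14600, length 0
14:38:00.790511 IP 67.202.66.200.80 > 192.168.88.100.40112: Flags [S.], seq 2000, ack 1001, win 5792, length 0
14:38:00.790702 IP 192.168.88.100.40112 > 67.202.66.200.80: Flags [.], ack 1, win 115, length 0
""".splitlines()
NOT_SPOOFED = """\
14:38:00.721034 IP 192.168.88.2.40112 > 67.202.66.200.80: Flags [S], seq 1000, win 14600, length 0
14:38:00.790511 IP 67.202.66.200.80 > 192.168.88.2.40112: Flags [S.], seq 2000, ack 1001, win 5792, length 0
""".splitlines()

if __name__ == "__main__":
    for name, cap in (("spoofed", SPOOFED), ("not spoofed", NOT_SPOOFED)):
        c = classify_syns(cap, ["192.168.88.2"], "192.168.88.0/24")
        print(name, dict(c), "->", verdict(c))
```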