Search squid archive

Re: How to set the IP of the real originator in HTTP requests (instead of Squid's IP)?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 5 Dec 2011 17:31:45 +0100, Leonardo wrote:
On Thu, Dec 1, 2011 at 1:18 PM, Amos Jeffries wrote:
Squid supports transparent proxy (not the NAT interception people call the
same).
http://wiki.squid-cache.org/Features/Tproxy4


My Squid is already compiled to function as transparent:
Squid Cache: Version 3.1.7
configure options:  '--enable-linux-netfilter' '--enable-wccp'
'--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
'--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid'
'CPPFLAGS=-I../libltdl' --with-squid=/root/squid-3.1.7
--enable-ltdl-convenience

Is Tproxy4 a kind of super-transparent feature (i.e. does it allow the
next-hop to see the client IP instead of the Squid IP)?

The 'T' in TPROXY means 'transparent'. It is transparent down to the IP layer. Like glass, transparent both ways. Neither end aware the proxy is present unless they explicitly do some active tests to identify it.

Where that thing properly called "NAT interception", which a lot of people wrongly call "transparent", is not transparent at all. It is HTTP *translation* (the 'T' in NAT). Like one-way mirrors. with the Server facing the mirror and trivially able to see that something is in the way.

Amos



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux