On 11/05/2015 11:27 p.m., Ambadas Hibare wrote: > Hi, > > The problem is many clients are already preconfigured with proxy ip/port settings due to previous setup. > huh? your "problem" is that clients are setup correctly? TPROXY and NAT interception (aka. hjacking attack on users) are the *hacked workaround* way to do proxying when one has no better choices due to broken UA implementation or configuration. It also has nothing to do with the Squid->server connections. So I ask again, why do you say you are required to perform IP spoofing (aka. forgery of users identification details) on outbound server connections? I think that you or someone setting the requirements is mistaken about what is needed. Possibly even mistaken about what some problem is. ... Clients which *are* configured to use a proxy explicitly, can continue to use Squid as that proxy. If the proxy receiving IP or domain has changed the traffic can be NAT'ed to the new proxy with no need to change anything - not even configure Squid with "intercept" flags. Clients which are *not* configured to use the proxy, but needing to be gatewayed through it need to be TPROXY or NAT intercepted. But only as per common "normal" client connection interception. In both cases the server connections will "just work" when proxied without TPROXY spoofing. If TPROXY spoofing is performed the routing needs special configuration we have been over already. > If you don’t mind, may I know like its squid's feature, or the Linux OS feature, which doesn’t do transparency only towards web server? > Both. The OS restrictions more than Squid. And legal restrictions in many places. Consider that your workplace might need a guard to see your passport or similar form of private ID to purchase some service for you. Is it legal (and right) for that guard to photocopy it, then use it as their own name/ID to do some things of their choosing? Compare that to a Guard who does the same copying, but uses it saying to the service provider "I come representing the person identified by this token". Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
