Nice shoot, Eliezer :-D 14.06.2017 19:28, Eliezer Croitoru пишет: > Rephrase the "cheap nationally" into "cheat inernationally". > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx > > > -----Original Message----- > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Eliezer Croitoru > Sent: Wednesday, June 14, 2017 11:09 AM > To: 'David Kewley' <dkewley@xxxxxxx>; squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: source spoofing without tproxy? > > Hey, > > This is a library I wrote that uses tproxy: > https://github.com/elico/go-linux-tproxy > > It’s doable using some enthusiasm but technically you cannot spoof just any IP since you need to be able to receive back this traffic. > You cannot really "cheap nationally" the BGP protocol but only for specific small areas which are all under your "domain" and management. > > All The Bests, > Eliezer > > ---- > http://ngtech.co.il/lmgtfy/ > Linux System Administrator > Mobile: +972-5-28704261 > Email: eliezer@xxxxxxxxxxxx > > > From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of David Kewley > Sent: Tuesday, June 13, 2017 4:48 AM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: source spoofing without tproxy? > > I want my clients to explicitly address squid as a proxy (not use tproxy), but have squid spoof the source addresses in the forwarded connection, so that further hops know the original source address from the IPv4 headers. > > I could find no indication that anyone else has done this, and when I tried various things, I could not get it working. > > Is this possible today? If not, is it worth considering as a future feature? Or am I overlooking a reason that this cannot work even in theory? > > I got the nearly-equivalent functionality working for reverse proxying using nginx, but so far I've found no way to do it with forward proxying. Nginx doesn't do https forward proxying (no handling of CONNECT). > > If squid can't do what I'm looking for today, I would welcome pointers to other possible approaches. > > Thanks, > David > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
