[squid-users] Transparent proxy - spoofing client address

From: Dave Restall - System Administrator <dave@dont-contact.us>
Date: Thu, 08 May 2003 18:36:59 +0100

Hi,

Following up on my much earlier question about this, I have :-

1) Compiled a new patched kernel with all the required bits.
2) Compiled a patched squid.
3) Added a tproxy rule.

and amazingly, I can now use squid transparently and get the web server to see the client's IP address. It works really well, I see an entry in the squid log for the request, I also see an entry in the web server log - with the client's IP address.

However it is not perfect. It only works intermittently. It will work correctly for a few requests, then it will start using the IP address of the squid box instead of the server. This will continue for a few requests then the client IP address starts being used again.

I have had tcpdump running and can confirm that the requests from the
squid box do go out with the IP address as seen in the web server logs,
i.e. when a request is seen from the client, that request was sent out
with the client's IP address, when the request comes from the squid
cache - that request does have the squid cache's address.

I have been in touch with the patch developers (for both tproxy and
squid) and have not had much success, so in desperation it is time to
ask the help of the list, basically has _ANYBODY_ got this to work 100%
and if so what did they do. I'm doing the following :-

Linux 2.4.20 + cttproxy patch
iptables 1.2.7.a + cttproxy patch
squid-2.5.STABLE1 + tproxy patches

iptables command :-

iptables -t tproxy -A PREROUTING -s 192.168.99.0/24 -p tcp --dport 80 -j TPROXY --on-port 3128

This is the only command used, I have installed the proxy modules as
required.

I don't believe I'm the only one to have got this far and suspect I am
missing something or mis-understanding something fundamental. Is there
anybody there who can give me that extra nudge in the right direction ?

Regards,

Dave
+----------------------------------------------------------------------------+
| Dave Restall, IIRC Limited, PO Box 46, Skelton, Cleveland, TS12 2GT. |
| Tel. +44 (0) 1287 639309 Mob. +44 (0) 7973 831245 Fax. +44 (0) 1287 635955 |
| email : dave@iirc.net dave@restall.net Web : http://www.iirc.net |
+----------------------------------------------------------------------------+
| It's like deja vu all over again. |
| -- Yogi Berra |
+----------------------------------------------------------------------------+
Received on Thu May 08 2003 - 11:37:05 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:16:24 MST
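The post describes two log sources that disagree part of the time: Squid's access.log sees every client request, while the origin web server's log records the source address that actually reached it. The script below is an added example (not part of the original post, and not Squid's or the cttproxy project's code) showing the correlation a practitioner would run before concluding the spoofing is random: it pairs each Squid request that was forwarded upstream (hierarchy code other than NONE) with the matching origin-server log line and records whether the origin saw the client's address or the proxy's, broken down by Squid result code (TCP_MISS, TCP_REFRESH_MISS, and so on). The log lines and the proxy address 10.0.0.2 are constructed for the example; Squid's native log format and Apache common log format are assumed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

PROXY_IP = "10.0.0.2"  # assumed address of the squid box (hypothetical)

# Constructed Squid native access.log lines (not from the original post):
# timestamp elapsed client result/status bytes method URL ident hierarchy/peer type
SQUID_LOG = """\
1052415419.100 210 192.168.99.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/198.51.100.7 text/html
1052415420.250 15 192.168.99.11 TCP_HIT/200 5120 GET http://www.example.com/index.html - NONE/- text/html
1052415421.400 180 192.168.99.10 TCP_REFRESH_MISS/200 2048 GET http://www.example.com/news.html - DIRECT/198.51.100.7 text/html
1052415422.600 190 192.168.99.12 TCP_MISS/200 900 GET http://www.example.com/style.css - DIRECT/198.51.100.7 text/css
"""

# Constructed origin web-server lines in common log format (not from the post).
ORIGIN_LOG = """\
192.168.99.10 - - [08/May/2003:18:36:59 +0100] "GET /index.html HTTP/1.0" 200 5120
10.0.0.2 - - [08/May/2003:18:37:01 +0100] "GET /news.html HTTP/1.0" 200 2048
192.168.99.12 - - [08/May/2003:18:37:02 +0100] "GET /style.css HTTP/1.0" 200 900
"""

CLF_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d+)'
)


def parse_squid(text):
    """Return one dict per Squid log line; 'upstream' is True when the request
    was forwarded to an origin or peer (hierarchy code other than NONE)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue  # skip blank or truncated lines
        result_code = fields[3].split("/")[0]
        hierarchy = fields[8].split("/")[0]
        entries.append({
            "client": fields[2],
            "result": result_code,
            "path": urlsplit(fields[6]).path,
            "upstream": hierarchy != "NONE",
        })
    return entries


def parse_origin(text):
    """Return the source address and request path of each origin log line."""
    entries = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if m:
            entries.append({"src": m.group("src"), "path": m.group("path")})
    return entries


def correlate(squid_entries, origin_entries, proxy_ip):
    """Pair each forwarded Squid request with the first unmatched origin entry
    for the same path and record which address the origin saw."""
    pending = list(origin_entries)
    results = []
    for s in squid_entries:
        if not s["upstream"]:
            continue  # served from cache: the origin never saw this request
        match = next((o for o in pending if o["path"] == s["path"]), None)
        if match is None:
            seen = "unmatched"
        else:
            pending.remove(match)
            if match["src"] == s["client"]:
                seen = "client"
            elif match["src"] == proxy_ip:
                seen = "proxy"
            else:
                seen = "other"
        results.append({"client": s["client"], "result": s["result"],
                        "path": s["path"], "origin_saw": seen})
    return results


def summarize(results):
    """Count outcomes per Squid result code, e.g. {('TCP_MISS', 'client'): 2}."""
    return Counter((r["result"], r["origin_saw"]) for r in results)


if __name__ == "__main__":
    rows = correlate(parse_squid(SQUID_LOG), parse_origin(ORIGIN_LOG), PROXY_IP)
    for r in rows:
        print(f'{r["result"]:<18} {r["client"]:<15} {r["path"]:<14} origin saw: {r["origin_saw"]}')
    print(summarize(rows))
```

On real logs, feed the two files' contents in place of the constructed strings and align the origin log's clock with Squid's before trusting path-order matching. The summary is the useful output: if the "proxy" outcomes cluster under particular Squid result codes rather than appearing evenly across TCP_MISS entries, the address being used depends on how Squid handled that request, which narrows the search considerably.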