Re: Transparent Proxying and src ip adress ?

From: Leonid Igolnik - LiM <[email protected]>
Date: Tue, 8 Jun 1999 23:50:28 +0300 (IDDT)

It can be anything but changing the src IP due to port forwarding - if it
was so proxy never could reply to the original source of the computer. But
masquerading does it - it changes src ip to unique pare of ip+port. So my
suggestion is to move the port redirection to the head of the ip chain.

Leonid Igolnik aka LiM

On Tue, 8 Jun 1999, Christoph Adomeit wrote:

|Hi there,
|
|I configured my Linux 2.2.x Gateway with ipchains to do
|a)masquerading (intended for protocols different from http) and
|b)transparent proxying on port 80
|
|This works good, any request to port 80 in the outside
|world is redirected to the local squid.
|
|Unfortunately squid now only sees the src-ip adress of the
|linux-router itself as user-ip after transparent redirection.
|So I cannot use acl's based on the src-ip anymore.
|This can either be a problem that masquerading takes place
|before port-redirection in the kernel. The other possibility
|is, that maybe with port redirection the src-ip is always
|changed. Any ideas ?
|
|Is there a solution for this problem ?
|
|Thanks
| Christoph
|
Received on Tue Jun 08 1999 - 14:44:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:46:48 MST