[squid-users] Squid - Not replace source IP address

From: casket88 <jamespeek_at_oldfields.com.au>
Date: Tue, 4 Aug 2009 17:01:45 -0700 (PDT)

Hi,

We have several interconnected branches on their own networks. I would like
to shut off web access directly from all branches except head office.

We have an Untangle gateway configured as a transparent bridge at head
office that all traffic passes through. I would like to keep on using this
for content filtering and logging. However I want a Squid server to be able
to accept connections from our branches, use its caching and then redirect
it out through the Untangle gateway for logging. We will be redirecting all
web traffic on our Cisco routers at each branch to the proxy server.

I have Squid set up to allow connections from all our internal networks and
set up IPtables with the following command:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

This all works fine and I am able to surf through the proxy, which appears
to be caching correctly and forwarding it to our gateway which performs the
content filtering and logging. The only problem is that through the NAT
process the source IP address is replaced with that of the Squid's and is
logged accordingly.

How would I go about configuring Squid to accept connections, cache them and
then forward the request on to the webserver via the gateway WITHOUT
replacing the source IP address?

In summary: user requests connection to website on port 80, request
transparently redirected to Squid on Cisco router, Squid accepts it and
forwards it to webserver through gateway.

Cheers

Received on Wed Aug 05 2009 - 00:01:48 MDT
