Tue 2009-09-15 at 12:28 +1200, Amos Jeffries wrote:
> The big reason is that TPROXY passes the IPs to Squid inverted via
> accept(). There is no probe like the NAT ORIGINAL_DST to separate the
> TPROXY and non-TPROXY received connections. The only way to identify this
> IP inversion is the flags in squid.conf.
Yes, but here we are talking about the other side, when Squid makes the
outgoing connection. That part does not need to depend in any way on how
the request arrived at Squid, just on where the request is heading
(routing of return traffic for the client via Squid server).
Should in theory work to enable tproxy spoofing even for normal proxied
connections.
Regards
Henrik
Received on Tue Sep 15 2009 - 02:13:29 MDT