  1. #1

    Squid proxy passing LAN client IP (public) to remote site

    I am looking for a way to get client IP addresses to remote servers to truly make squid transparent.

    This is for a WISP where the clients have public IP addresses and squid would sit parallel to the core router.

    I can't find any documentation on how to 'de'-NAT the proxied connections.

    CLIENT IP > router/nat > squid > router/nat > remote site
    where remote site sees only CLIENT IP > remote site.

    Any ideas on this being possible and/or how to do it?

  2. #2
    Irithori
    I think the closest to what you want is this:
    X-Forwarded-For - Wikipedia, the free encyclopedia

    The problem is:
    If squid really did replace the source IP, then the web servers would try to answer the clients directly,
    i.e. circumventing squid.

    And it probably wouldn't work, as the TCP sequence number wouldn't match:
    The client sends a request (= packets), but squid creates new packets, aka new sequence numbers.
    You must always face the curtain with a bow.
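
How a remote site can consume the X-Forwarded-For header suggested in the reply above, shown as an added example that is not part of the original posts. It assumes the proxy appends the address it received the request from to the header; the proxy and client addresses are constructed documentation-range values, and the function names are hypothetical.

```python
import ipaddress

# Assumption: the address the remote site sees the squid box connect from.
# 203.0.113.10 is a constructed documentation-range value.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.10/32")]


def is_trusted(addr):
    """True if addr is one of the proxies whose header entries we accept."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address a request should be attributed to.

    peer_addr  -- source address of the TCP connection (cannot be set by a header)
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    # A header arriving from an unknown peer is client-controlled: ignore it.
    if not xff_header or not is_trusted(peer_addr):
        return peer_addr

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    candidate = peer_addr
    # Each proxy appends on the right, so walk right to left and stop at the
    # first entry that was not written about one of our own proxies.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        candidate = hop
        if not is_trusted(hop):
            break
    return candidate


if __name__ == "__main__":
    # Constructed requests: (TCP peer, X-Forwarded-For value)
    samples = [
        ("203.0.113.10", "198.51.100.7"),             # via the proxy
        ("203.0.113.10", "192.0.2.66, 198.51.100.7"),  # client pre-filled the header
        ("198.51.100.99", "192.0.2.66"),               # direct connection with a header
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", client_ip(peer, xff))
```

Entries to the left of the one the trusted proxy appended were supplied by the client and are never used for attribution.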

  3. #3


    I had been googling for nearly an hour and hadn't found anything when I posted this, but then stumbled on a patched iptables with cttproxy.

    This turns the squid box into a bridge that truly transparently proxies as the tproxy keeps a special table in iptables to track the NAT from orig>squid and back squid>orig.

    I have not set this up yet but I will try it this weekend. Have to build a patched kernel, squid, and iptables to do it.
