'Re: [squid-users] changing squid explicit mode to transparent mode'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squid-users
Subject:    Re: [squid-users] changing squid explicit mode to transparent mode
From:       Amos Jeffries <squid3 () treenet ! co ! nz>
Date:       2021-05-28 2:21:10
Message-ID: ac3fdd44-753f-3059-bad5-f39332c32ef4 () treenet ! co ! nz
[Download RAW message or body]

On 27/05/21 8:43 pm, simon ben wrote:
> Dear All,
> 
> I have the below setup running perfectly for a couple of years
> 
> Centos 8 X64
> squid-4.11-3
> 
> configured in explicit mode so all client machines have the proxy IP 
> configured in their browser
> 
> Recently we have got a security cloud solution which requires the source 
> IP of the client machine
> 

Okay. Have you looked into the ways it will accept that IP address?

Does it actually require direct connections from each client?
   In that case you need to use TPROXY feature.

Otherwise,

You may be able to simply send a custom header containing the client's 
IP. "Forwarded:" is the standard header for that use, there are also 
many application-specific headers names around.


> Since I have to configure the squid in transparent mode so the client 
> source IP is visible and as required for transparent mode config i need 
> to change the gateway to my squid server IP .
> 
> 1 ) Is there any way so that I retain the source client PC IP in the 
> current setup ????

Please define "retain".


> 
> 2 ) if only way possible is by reconfiguring   my current proxy to  
> transparent mode then if there is some way without changing the client 
> pc Gateway
> Right Now the default gateway of the client PC is our Core switch vlan 
> ip address.
> 

Any commercial router should provide capabilities to *route* client 
packets to Squid machine and Squid's outbound to wherever they need to go.

Note that doing it this way can *double* or even triple the amount of 
traffic load that switch is handling when Squid is in the same subnet as 
the clients.


Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic