Nice shoot, Eliezer :-D
14.06.2017 19:28, Eliezer Croitoru пишет: > Rephrase the "cheap nationally" into "cheat inernationally". > > ---- > Eliezer Croitoru > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > -----Original Message----- > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Eliezer Croitoru > Sent: Wednesday, June 14, 2017 11:09 AM > To: 'David Kewley' <dkew...@uci.edu>; squid-users@lists.squid-cache.org > Subject: Re: [squid-users] source spoofing without tproxy? > > Hey, > > This is a library I wrote that uses tproxy: > https://github.com/elico/go-linux-tproxy > > It’s doable using some enthusiasm but technically you cannot spoof just any > IP since you need to be able to receive back this traffic. > You cannot really "cheap nationally" the BGP protocol but only for specific > small areas which are all under your "domain" and management. > > All The Bests, > Eliezer > > ---- > http://ngtech.co.il/lmgtfy/ > Linux System Administrator > Mobile: +972-5-28704261 > Email: elie...@ngtech.co.il > > > From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On > Behalf Of David Kewley > Sent: Tuesday, June 13, 2017 4:48 AM > To: squid-users@lists.squid-cache.org > Subject: [squid-users] source spoofing without tproxy? > > I want my clients to explicitly address squid as a proxy (not use tproxy), > but have squid spoof the source addresses in the forwarded connection, so > that further hops know the original source address from the IPv4 headers. > > I could find no indication that anyone else has done this, and when I tried > various things, I could not get it working. > > Is this possible today? If not, is it worth considering as a future feature? > Or am I overlooking a reason that this cannot work even in theory? > > I got the nearly-equivalent functionality working for reverse proxying using > nginx, but so far I've found no way to do it with forward proxying. Nginx > doesn't do https forward proxying (no handling of CONNECT). > > If squid can't do what I'm looking for today, I would welcome pointers to > other possible approaches. > > Thanks, > David > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
