tis 2009-09-15 klockan 14:43 +1200 skrev Amos Jeffries:
> > Yes, but here we are talking about the other side, when Squid makes the
> > outgoing connection. That part do not need to depend in any way on how
>
> We are talking about setting http_port (incoming) options. Or so I thought.
I am not sure where such setting belongs, but probably not http_port as
it does not really have to do with how the request is accepted only with
how it's forwarded.
> That would be some other functionality not related to what the existing
> http_port tproxy flag does. Spoofing without handling inbound spoofed
> requests. IMO it is as nice to use as a certain login function turned out
> to be.
Exactly.
> You can try it I suppose. I suspect there is likely some kernel
> implementation bits that prevent random IP spoofing though. The only limit
> in Squid is that spoof_client_ip flag must be set before tcp outgoing
> address is selected.
The only limit I know of is that the application needs to have the
appropriate privileges, and TPROXY needs to be enabled in the kernel
obviously.
Regards
Henrik
Received on Tue Sep 15 2009 - 06:00:50 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 15 2009 - 12:00:02 MDT