Re: Internal IP Address Detection Through NAT

On Wed, 8 Dec 2004 19:34:03 +0530, Siju George <[email protected]> wrote:
> On Wed, 8 Dec 2004 11:22:01 +0100, Daniel Hartmeier
> <[email protected]> wrote:
> > It might be some game with IP TTL values, but pf should always replace
> > the internal address with the gateway's. The tcpdump will tell.

I've never seen pf "leak" the original inside source IP address from a
NAT'd client.

> I found the same thing happening when I use Squid Proxy to connect to
> internet. So I should be changing some configuration in squid isn't
> it? Any comments?

This is correct.  Squid by default includes an "X-Forwarded-For:" header
on each HTTP request showing the original requesting IP address.  This
can be disabled in squid.conf with "forwarded_for off".

Additionally, Squid will also append a "Via:" header which reveals
information about the cache -- some web discussion boards will refuse
access if the Via header is present.

The code which generates both of these headers is located in 'http.c'
in the Squid source tree.  The only way to disable the 'Via' header in
Squid 2.5 is to edit the source and recompile.
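
An added example, not part of the original post: a check that a test listener on the far side of the proxy could run over a received request, to see whether X-Forwarded-For exposes a private (for example RFC 1918) address and what Via reveals. The sample requests, host names and Squid version string are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples: requests as an origin server would receive them
# from a Squid proxy. Host names and version string are made up.
WITH_DEFAULTS = (
    b"GET / HTTP/1.0\r\n"
    b"Host: www.example.com\r\n"
    b"Via: 1.0 cache.example.internal:3128 (squid/2.5.STABLE7)\r\n"
    b"X-Forwarded-For: 192.168.1.23\r\n"
    b"\r\n"
)
# With "forwarded_for off" Squid sends the literal value "unknown".
WITH_FORWARDED_FOR_OFF = WITH_DEFAULTS.replace(b"192.168.1.23", b"unknown")


def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP request head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def proxy_leaks(raw):
    """Report private client addresses and Via values seen in a request."""
    headers = parse_headers(raw)
    internal = []
    for value in headers.get("x-forwarded-for", []):
        for token in value.split(","):  # the header may carry a chain
            token = token.strip()
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # "unknown" or other non-address token
            if addr.is_private:
                internal.append(token)
    return {"internal_addresses": internal, "via": headers.get("via", [])}


if __name__ == "__main__":
    for label, req in (("defaults", WITH_DEFAULTS),
                       ("forwarded_for off", WITH_FORWARDED_FOR_OFF)):
        print(label, proxy_leaks(req))
```

The second sample shows that turning off forwarded_for removes the internal address while the Via line still identifies the cache.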