[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Internal IP Address Detection Through NAT



On Wed, 8 Dec 2004 10:34:51 -0600
Kevin <[email protected]> wrote:
>On Wed, 8 Dec 2004 19:34:03 +0530, Siju George <[email protected]>
>wrote:> On Wed, 8 Dec 2004 11:22:01 +0100, Daniel Hartmeier
>> <[email protected]> wrote:
>> > It might be some game with IP TTL values, but pf should always
>replace> > the internal address with the gateway's. The tcpdump will
>tell.
>
>I've never seen pf "leak" the original inside source IP address from a
>NAT'd client.
>
>> I found the same thing happenning when I use Squid Proxy to connect
>to> internet. So I should be changing some configuration in squid isn't
>> it? Any comments?
>
>This is correct.  Squid by default includes a "X-Forwarded-For: header
>on each HTTP request showing the original requesting IP address.  This
>can be disabled in squid.conf with "forwarded_for off".
>
Sorry, not correct. I'm behind my squid and forwarded on or off the
header is there !
>Additionally, Squid will also append a "Via:" header which reveals
>information about the cache -- some web discussion boards will refuse
>access if the Via header is present.
>
>The code which generate both of these headers is located in 'http.c'
>in the Squid source tree.  The only way to disable the 'Via' header in
>Squid2.5 is to edit the source and recompile.
>
>Kevin
>
Would be tryed :)
But there is a accel_header_........... etc.. who's disable parts of the
header => anonymous. Look at the config file.
mess-mate