-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
With this patch one can omit vport_mode and then do something like this:
(on proxy)
- -t nat -N e0
- -t nat -A PREROUTING -j e0 -i eth0
- -t nat -A e0 -d {subnet-on-which-eth0-sits} -j RETURN
- -t nat -A e0 -d 224.0.0.0/8 -j RETURN
- -t nat -A e0 -p tcp -j REDIRECT --to-port 3128
(on router)
- -t mangle -A PREROUTING -d ! 212.193.32.0/19 -p tcp -m mport --dport 80,1533,3128,8000:8099 -j TRANS
... TRANS tied to set next-hop proxy
or, on a Cisco router, set next-hop by an ACL containing not only dstport 80.
Squid will then correctly determine the original dst port, actually
allowing transparency not only on one port.
diff -Nru a/src/client_side.c b/src/client_side.c
- --- a/src/client_side.c Sat Nov 16 15:31:26 2002
+++ b/src/client_side.c Sat Nov 16 15:31:26 2002
@@ -2571,6 +2571,11 @@
int vport;
char *q;
const char *protocol_name = "http";
+
+#if LINUX_NETFILTER
+ getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
+#endif
+
if (vport_mode)
vport = (int) ntohs(http->conn->me.sin_port);
else
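Review bot: the added getsockopt() call inside the LINUX_NETFILTER block discards its return value and passes &sock_sz, which is neither declared nor initialized anywhere in the visible lines. The length argument is value-result, so it has to hold sizeof(conn->me) before the call, and the result should be checked so that a failed lookup (no conntrack entry, module not loaded) is not treated as a valid original destination. The call writes conn->me while the unchanged line below reads http->conn->me; please confirm conn is in scope at this point and refers to the same object. Overwriting conn->me also discards the proxy's real local address for any later reader of that field, so a separate field for the original destination would be safer. Lastly, the visible code only reads me.sin_port under if (vport_mode), while the message says vport_mode can be omitted; the else branch is cut off here, so a comment stating where the looked-up port is consumed would help.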
- --
Paul P 'Stingray' Komkoff 'Greatest' Jr /// (icq)23200764 /// (http)stingr.net
When you're invisible, the only one really watching you is you (my keychain)
-----BEGIN PGP SIGNATURE-----
iD8DBQE91kNUyMW8naS07KQRA6SQAKCzL+emz2JExfmpbIYCsAsICnBASgCeJ2pn
aywHa9yFhp5zgZ8Bpexaku4=
=Wco4
-----END PGP SIGNATURE-----
Received on Thu Nov 21 2002 - 09:21:20 MST
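A checked form of the original-destination lookup that this message's patch relies on, added here as an example; it is not code from the post or from Squid. `original_dst` is a hypothetical helper, and falling back to the socket's local address when no conntrack entry exists is an assumption about what an intercepting proxy wants.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#ifndef SOL_IP
#define SOL_IP IPPROTO_IP
#endif
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80      /* value defined in <linux/netfilter_ipv4.h> */
#endif

/* Hypothetical helper, not a Squid function. Fills *dst with the address the
 * client asked for. Returns 1 if netfilter rewrote the destination, 0 if the
 * socket's local address is the destination, -1 on error (*dst untouched). */
int original_dst(int fd, struct sockaddr_in *dst)
{
    struct sockaddr_in local, orig;
    socklen_t len = sizeof(local);
    memset(&local, 0, sizeof(local));
    if (getsockname(fd, (struct sockaddr *)&local, &len) != 0 ||
        local.sin_family != AF_INET)
        return -1;

    /* len is value-result: it must hold the buffer size before the call. */
    len = sizeof(orig);
    memset(&orig, 0, sizeof(orig));
    if (getsockopt(fd, SOL_IP, SO_ORIGINAL_DST, &orig, &len) == 0 &&
        len == sizeof(orig) && orig.sin_family == AF_INET &&
        (orig.sin_addr.s_addr != local.sin_addr.s_addr ||
         orig.sin_port != local.sin_port)) {
        *dst = orig;
        return 1;
    }
    /* Lookup failed or nothing was rewritten: keep the local address. */
    *dst = local;
    return 0;
}

int main(void)
{
    struct sockaddr_in d;
    int fd = socket(AF_INET, SOCK_STREAM, 0);   /* constructed input: no rule touches it */
    int rc = original_dst(fd, &d);
    if (rc >= 0)
        printf("rc=%d dst=%s:%u\n", rc, inet_ntoa(d.sin_addr), (unsigned)ntohs(d.sin_port));
    return rc < 0;
}
```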