From: Marc Delisle <>
Date: Thu, 12 Sep 1996 15:41:10 -0700

Eric Dumazet wrote:
> Hello everybody.
> I'am using squid-1.0.11 on a Linux machine, acting as a firewall/proxy
> for my company.
> After seeing the TRANSPARENT PROXY capability of recent linux kernel,
> I would like to use this with squid.
> The main advantage would be that my collegues would'nt have to worry about
> configuring their browser, because the linux machine is already the
> gateway for our Internet access. And I would'nt have to explain to
> my collegues how to configure their browser (!)
> I have done some tests about Transparent proxying :
> My squid server listen for incoming requests on port 8080.
> If I issue the command :
> /sbin/ipfwadm -I -a acc -P tcp -S any/0 -D any/0 80 -r 8081
> Then, the gateway intercepts the connection and redirects it to a local
> application listening on port 8081, instead of forwarding it to the
> real destination.
> The local application does an accept() and can obtain the IP address
> of the destination wanted by the browser with getsockname().
> This hack could be used by squid with some modifications :
> When the browser ask a page (the / for example), squid should receive
> GET / HTTP/1.0
> instead of
> GET HTTP/1.0
> Thus, I am thinking of adding a configuration option in squid.conf,
> telling squid to listen to another port (8081 for example) for incoming
> connections, redirected by the TRANSPARENT proxy facility in the kernel.
> If an accept is done on this port, squid would know about the hack,
> and would issue getsockname() in order to know the IP address of the
> web server asked. Squid should insert th IP address in the request
> coming from the browser, before entering the main code of the proxy.
> What do you think of this idea ?
> Eric dumazet

did you try the httpd accelerator mode?

Marc Delisle                   
Service Informatique,                              
Collège de Sherbrooke      
Québec.  819/564-6223
Received on Thu Sep 12 1996 - 12:40:00 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:00 MST