Re: transparent proxy using Cisco?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 08 Jan 1998 22:32:02 +0100

Yar Tikhiy wrote:

> to the cache those ICMP packets that have the TCP packet with source
> port equal to 80 in them. Unfortunately, Cisco routers cannot do that,
> forcing admins to devise some bogus solutions :-)

Which is not too hard, since all they have to do is to set the MTU of the
"client" interface (the interface on the proxy server that the clients
connect to) to the lowest value in the path. MTU discovery from client
to proxy is no problem since it is an almost normal path, and
proxy->client should never need any fragmentation.

This should work, as long as none of the clients sets an unexpectedly low
MTU.

The downside is that you have to set the MTU to the lowest value of any
possible path to the clients. Some dialup users might have very small
MTU values to support simultaneous interactive and "batch" (WWW or FTP)
transfers. But then, it works for all if they fill in their proxy
settings, so you can probably choose a reasonable MTU and then take the
pain to tell the few that need to fill in their proxy settings.

Do remember that you should have at least two different interfaces. The
outgoing interface, and the interface used when people fill in their
proxy settings should use a normal MTU setting. Only the interface used
in transparent proxying should have a tuned MTU (I believe this can be a
virtual interface. There is probably no need for more than one netcard
to do this).

---
Henrik Nordström
Received on Thu Jan 08 1998 - 13:56:24 MST
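
The trade-off discussed in this message, worked through as an added example (not part of the original mail): given the smallest MTU on the path to each client, pick the MTU for the transparent-proxy interface and list the clients that would need explicit proxy settings. The client names, path MTU values, the `floor` parameter and both function names are constructed for illustration, and the model assumes the proxy sends with Don't Fragment set and never receives the ICMP reply.

```python
# Constructed sample data: smallest MTU on the path from the proxy to each client.
PATH_MTU = {"lan-a": 1500, "pppoe-b": 1492, "tunnel-c": 1400,
            "dialup-d": 576, "dialup-e": 296}

IP_TCP_HEADERS = 40  # IPv4 header (20) + TCP header (20), no options


def stalled_clients(iface_mtu, path_mtu):
    """Clients whose path cannot carry a full-size packet from the proxy.

    Assumed model: the proxy sends with Don't Fragment set and never sees
    the ICMP "fragmentation needed" reply, so these transfers hang.
    """
    return sorted(c for c, mtu in path_mtu.items() if mtu < iface_mtu)


def plan_interface_mtu(path_mtu, floor):
    """Pick the MTU for the transparent-proxy interface.

    The lowest path MTU that is still >= floor is used; clients below it
    are returned as the ones that need explicit proxy settings.
    """
    usable = [m for m in path_mtu.values() if m >= floor]
    if not usable:
        raise ValueError("no client path has an MTU of at least %d" % floor)
    iface_mtu = min(usable)
    return {"iface_mtu": iface_mtu,
            "max_tcp_payload": iface_mtu - IP_TCP_HEADERS,
            "explicit_proxy": stalled_clients(iface_mtu, path_mtu)}


if __name__ == "__main__":
    # Raising the floor buys larger packets at the cost of more excluded clients.
    for floor in (296, 576, 1400):
        print(floor, plan_interface_mtu(PATH_MTU, floor))
```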
