"Flavio Marcelo C. B. do Amaral" <flavio@proxy.eol.com.br> wrote:
|Hi
|
| I am pretty interested on that subject too because I am planing to
|install a Transparent Proxy and I am looking for the easiest way to do it
|at the ISP I work for. We have a Linux and a Cisco 2500.
I've asked the same and was poletly sent to read the FAQ, section 5 is
entirely about transparent proxy and explains how to do that with a
Cisco as a router and (also) Linux as a Squid platform (together with
other environments).
A few additional comments of my own:
Something which had to be made in my case is that I have to keep Squid
listening on port 8080 for regular proxy requests because that's what
I advertised to my users so far. So there is a need to add a firewall
forwarding rule to tell the Linux kernel to forward packets from port
80 to port 8080. From the Squid home site I got the impression that
Squid 1.2 will support listening on multiuple ports so the firewall
forwarding rulke could be dropped (there is a bit old patch against
1.1.10 to do that)
I startted playing with this by forwarding a single host to the proxy,
but haven't got around to compile a kernel with the firewall option
yet. I'd recommand testing this with a single host first and maybe
some sub-net of your network as a second stage before commiting your
entire network to the port blocking rule.
One last thing - the route_map rule mentioned in the FAQ might get you
a bit confused at first (it got me confused and heard someone on the
list expressing suspicion), but it's OK - it's a "double negative"
rule - hosts which do NOT match it (i.e. the proxy server) WILL NOT be
blocked.
Hope this helps,
--Amos
--Amos Shapira | "Of course Australia was marked for
133 Shlomo Ben-Yosef st. | glory, for its people had been chosen
Jerusalem 93 805 | by the finest judges in England."
ISRAEL amos@gezernet.co.il | -- Anonymous
Received on Sun Jan 25 1998 - 02:01:04 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:30 MST