Re: Transparent Proxy

From: Henrik Nordstrom <>
Date: Sat, 16 May 1998 14:08:11 +0200

Dancer wrote:

> which was my assumption, since people's gateway boxes are usually
> distinct from their proxy servers except in the case of corporate
> firewalling, where transparent proxying is not usually an issue

Yes, and in those cases they usually use router redirection, and not a
Linux router with ipfwadm.

The same reasoning applies to a Linux Squid transproxy server in a
router-rediection setup, where the Linux box is programmed to
transparently accept port 80 requests. It does NOT require a additional

The case where a additional daemon is required is when you want to split
the transproxy TCP/IP support (not directly related to routing) and run
Squid on a separate machine (possibly one where transproxy support is
not available).

Linux examples where a separate transproxy daemon is needed:
Scenario 1: 2 machines, where one acts as a router
* Linux border router programmed with ipfwadm to transparently accept
port 80 traffic.
* Squid running on separate machine.

Scenario 2: (1 router, 1 transproxy server, 1 squid server)
* A router with a programmed routemap redirecting traffic to a
transproxy server
* The transproxy server is only a transproxy server (no Squid), sending
the requests to another machine where Squid is running.

Examples where a transproxy daemon is NOT needed:
Scenario 3: Caching border router
* Squid runs on the router

Scenario 4: 1 router, 1 squid server
* A router with a programmed route-map redirecting port 80 traffic to
the Squid server
* Squid runs on a Linux box programmed with ipfwadm.

Henrik Nordström
Received on Sat May 16 1998 - 06:09:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:12 MST