Re: Questions about transparent proxying

From: Clifton Royston <cliftonr@dont-contact.us>
Date: Thu, 12 Aug 1999 11:01:42 -1000 (HST)

Reuben Farrelly writes:
> I've read up the squid FAQ a little about the setup of transparent proxying
> and have a couple of questions. We have a Cisco 7200 which is doing the
> actual transparency/rerouting of the packets which are obviously destined
> for port 80 on another machine.

  I was using a different set-up (Foundry ServerIron for redirection,
BSD/OS 4.0.1 OS) but had a similar concern/wish to avoid installing IP
Filter in the OS. Ultimately, I found I had to install it to get
things to work properly, both with Squid and with the redirection.
 
> * If the answer is "yes", then on Solaris using Squid 2.1PATCH2, do we need
> to use the IPFilter package? I'm asking because I don't quite understand
> the relationship between IPFilter and the --enable-ipf-transparent compile
> option in Squid, and if these two options are used together or whether we
> can choose to use either...

  --enable-ipf-transparent requires the headers for the IP Filter
package to be findable by Squid. On most UNIXes, there seems no way
around installing IP Filter if you want to be able to compile and run
Squid with transparency. (Hint: the headers may end up in the wrong
directory after you install IP filters, and you'll need to either
duplicate them into a different /usr/include directory or fix the
directory the configure package looks for them in.)

  Fortunately, once installed, the package seems to work just fine.

HTH,
  -- Clifton

-- 
 Clifton Royston  --  LavaNet Systems Architect --  cliftonr@lava.net
        "An absolute monarch would be absolutely wise and good.  
           But no man is strong enough to have no interest.  
             Therefore the best king would be Pure Chance.  
              It is Pure Chance that rules the Universe; 
          therefore, and only therefore, life is good." - AC
Received on Thu Aug 12 1999 - 14:47:12 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:01 MST