Robert Dale wrote:
> I think he is wondering the same thing I am wondering...
> Why does squid rely on IP Filter? Granted, I haven't had a chance to
> delve into the source yet, but I want to get transparent proxying
> working on Linux 2.2 with glibc2 (which isn't going to happen with
> IP Filter.)
Squid does not rely on IP-Filter, but if you do routing redirection of
port 80 traffic to a proxy server then the kernel TCP/IP implementation
needs to support transparent TCP/IP proxying. IP-Filter is one of the
packages which can be used to add the needed functionality to many
UNIX:es TCP/IP stacks.
What --enable-ipf-transparent does is to enable code in Squid for
interfacing to IP-Filter redirection tables. When running as a
transparent proxy Squid needs to be able to get the real intended
destination address, but IP-Filter hides this from Squid and Squid needs
to ask IP-Filter for this information.
There are at least two OS:es with the needed functionality natively in
the kernel sources: Linux and FreeBSD (I think). On these systems you do
not need to install IP-Filter (isn't even possible on Linux), or to use
--enable-ipf-transparent.
-- Henrik Nordström Spare time Squid hackerReceived on Thu Aug 12 1999 - 16:57:43 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:01 MST