Re: Is it possible to implement ipchains and transparent proxy in onesystem.

From: Matthew <matthew@dont-contact.us>
Date: Mon, 8 May 2000 19:23:06 +0100 (BST)

On Mon, 8 May 2000, Russell Mosemann wrote:

> On Mon, 8 May 2000, Henrik Nordstrom wrote:
>
> > Russell Mosemann wrote:
> >
> > > "httpd_accel_port 80" simply means that when squid sees a packet
> > > destined for port 80, it is supposed to accept that packet.
> >
> > No, nothing at all in that direction.
> >
> > What httpd_accel_port says is that when Squid is accelerating a request
> > the origin server listens to port 80.
>
> I don't understand how your explanation differs from mine. If the
> original (i.e., destination) server is listening on port 80, that means
> the packet will be destined for port 80. The packet will be redirected to
> the port squid is listening on (3128 by default). Squid sees a packet
> destined for port 80. Squid accepts the packet.
>

no, the redirection process is nothing to do with squid.
redirection is achieved in the kernel - and is configured with the
ipchains program. the kernel then recieves a packet on port 80, looks at
the firewall, and adjusts the packet appropriatly ie. very basically
change dst port to 3128.

> Russell Mosemann * Computing Services * Concordia University, Nebraska
>
>
Received on Mon May 08 2000 - 12:29:30 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:53:24 MST