Re: [squid-users] Transparent Proxy - Ethernet in promiscuous mode?

Hi Henrik,
Thanks a lot for your reply. But suppose there is a simple set up where
there are only 3 m/cs on the n/w, without any connection to the internet.
The m/c with squid proxy is in center(B), and it is connected by a hub, one
on each side, to the other 2 m/cs(A &B).
So, A--(hub)--B--(hub)--C
 If a packet at A, is addressed to C(IP address), then it will be seen by B,
but will terminate there only when (I guess) , either:-
I set up a router at A, routing all packets to (via) B, or
I set A's IP forwarding rules to forward all its packets to B??
Is that right or is there any other way? I think the first way would take a
lot of time and expertise, right?:)
Thanks,
Anjali

----- Original Message -----
From: Henrik Nordstrom <hno@hem.passagen.se>
To: Anjali Kulkarni <anjali@indranetworks.com>
Cc: <squid-users@squid-cache.org>
Sent: Friday, May 25, 2001 10:37 AM
Subject: Re: [squid-users] Transparent Proxy - Ethernet in promiscuous mode?

> The packets must be ROUTED via the intercepting host. If the host is not
> in the direct path (i.e. a router in the path), then you must redirect
> the traffic at a close by router.
>
> It is not only the matter of seeing the packet, the packet must also
> terminate there.
>
> --
> Henrik Nordstrom
> Squid Hacker
>
> Anjali Kulkarni wrote:
> >
> > Hi,
> > I want to set up a transparent proxy on my m/c, on FreeBSD 4.0. I have
> > read all the related documents and have one doubt, before I start. Do
> > we need to set the ethernet in promiscuous mode to make sure that it
> > intercepts all packets that arrive at it's interface? IPFilter rules
> > in freeBSD will work in the IP layer ie check for IP address; however,
> > unless the ethernet card is in promiscuous mode, or it uses ARP to
> > intercept packets not addressed to it's own IP address (by supplying
> > its own MAC address during ARP), I dont see how it will work?
> > Thanks,
> > Anjali
>
Received on Fri May 25 2001 - 08:03:27 MDT