Re: [squid-users] help with proxy server..might be a transparent issue

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 25 May 2001 18:59:31 +0200

Matt Ashfield wrote:

> > b) The TCP/IP implementation on the proxy box must be altered to
> > intercept these packets even if not addressed to any of it's configured
> > interfaces or IP aliases. (this you are missing)
>
> Is this possible on AIX? Could I just route one of its interfaces to the
> other? Although I suppose my destination address would have to change to the
> proxy box, rather than the host with the desired URL?

That is the tricky question. Without packet interception capabilities in
the TCP/IP kernel it is not much you can do in terms of making a
transparent proxy. Packet interception is usually one special case of
packet level NAT.

On most OS:es where interception is not supported natively IP-Filter can
be used to add the interception capability, howeve IP-Filter does not
support AIX, and there does not seem to be much interest in having it
ported there...

One possibility if you cannot find packet interception capabilieis for
your OS is to running the packet interception proxy on wome other OS,
which then uses your AIX proxy as a parent proxy (if at all).

--
Henrik Nordstrom
Squid Hacker
Received on Fri May 25 2001 - 11:13:10 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:18 MST