Re: [squid-users] Transparent Proxy - Ethernet in promiscuous mode?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 25 May 2001 19:08:31 +0200

Promiscuous mode won't work, because

a) It does not cause the packet to terminate there, it will only cause
the packet to be duplicated.

b) You will still need to enable TCP interception to have the connection
redirected to the proxy.

You MUST route the packet to the interception host to ensure that the
packet can terminate there properly, and you MUST use TCP/IP interception
on that host to redirect the traffic to the proxy application (else the
host will simply route the packet back as it is not addressed to him).

From what you describe it sounds like B is the router connecting your two
networks (two hubs, one connecting A<->B, one connecting B<->C). In such
a case A can only reach C by routing the traffic via B. If so then
everything is set for playing with packet interception capabilities of B
to have web traffic from A to C redirected to the proxy.

Note: Promiscuous mode is NOT related to routing.

--
Henrik Nordstrom

Anjali Kulkarni wrote:
> 
> Hi Henrik,
> Thanks a lot for your reply. But suppose there is a simple set up where
> there are only 3 m/cs on the n/w, without any connection to the internet.
> The m/c with squid proxy is in center(B), and it is connected by a hub, one
> on each side, to the other 2 m/cs(A &B).
> So,  A--(hub)--B--(hub)--C
>  If a packet at A, is addressed to C(IP address), then it will be seen by B,
> but will terminate there only when (I guess) , either:-
> I set up a router at A, routing all packets to (via) B, or
> I set A's IP forwarding rules to forward all its packets to B??
> Is that right or is there any other way? I think the first way would take a
> lot of time and expertise, right?:)
> Thanks,
> Anjali
> 
> ----- Original Message -----
> From: Henrik Nordstrom <hno@hem.passagen.se>
> To: Anjali Kulkarni <anjali@indranetworks.com>
> Cc: <squid-users@squid-cache.org>
> Sent: Friday, May 25, 2001 10:37 AM
> Subject: Re: [squid-users] Transparent Proxy - Ethernet in promiscuous mode?
> 
> > The packets must be ROUTED via the intercepting host. If the host is not
> > in the direct path (i.e. a router in the path), then you must redirect
> > the traffic at a close by router.
> >
> > It is not only the matter of seeing the packet, the packet must also
> > terminate there.
> >
> > --
> > Henrik Nordstrom
> > Squid Hacker
> >
> > Anjali Kulkarni wrote:
> > >
> > > Hi,
> > > I want to set up a transparent proxy on my m/c, on FreeBSD 4.0. I have
> > > read all the related documents and have one doubt, before I start. Do
> > > we need to set the ethernet in promiscuous mode to make sure that it
> > > intercepts all packets that arrive at its interface? IPFilter rules
> > > in FreeBSD will work in the IP layer ie check for IP address; however,
> > > unless the ethernet card is in promiscuous mode, or it uses ARP to
> > > intercept packets not addressed to its own IP address (by supplying
> > > its own MAC address during ARP), I don't see how it will work?
> > > Thanks,
> > > Anjali
> >
Received on Fri May 25 2001 - 11:13:28 MDT
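
Added example (not part of the original message and not Squid or IPFilter code): a simplified Python model of the receive path discussed in this thread, showing why a frame must be routed to host B and then intercepted there before the proxy can terminate the connection. The MAC and IP addresses, the outcome strings and the `Host`/`Frame` names are constructed for illustration, and the model assumes the usual behaviour that the IP stack discards unicast frames addressed to another MAC even when the NIC is promiscuous.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Frame:
    dst_mac: str   # layer-2 next hop chosen by the sender's routing table
    dst_ip: str    # final layer-3 destination
    dst_port: int  # TCP destination port

@dataclass
class Host:
    mac: str
    ip: str
    promiscuous: bool = False
    forwarding: bool = False
    intercept_port: Optional[int] = None  # TCP port redirected to the local proxy

    def receive(self, f: Frame) -> str:
        if f.dst_mac != self.mac:
            # Not our frame. Promiscuous mode only hands a copy to sniffers;
            # the IP stack still discards it and the real next hop still gets it.
            return "copy seen, not terminated" if self.promiscuous else "ignored by NIC"
        if f.dst_ip == self.ip:
            return "delivered locally"
        if f.dst_port == self.intercept_port:
            return "redirected to proxy"  # interception rewrites the destination
        return "forwarded unchanged" if self.forwarding else "dropped"

# Constructed addresses for host B (proxy) and host C (web server).
B_MAC, C_MAC = "02:00:00:00:00:0b", "02:00:00:00:00:0c"
B_IP, C_IP = "192.0.2.2", "198.51.100.3"

def scenarios() -> dict:
    # Same interception rule everywhere except the plain router case.
    sniffing = Host(B_MAC, B_IP, promiscuous=True, forwarding=True, intercept_port=80)
    router = Host(B_MAC, B_IP, forwarding=True)
    interceptor = Host(B_MAC, B_IP, forwarding=True, intercept_port=80)
    return {
        "not routed via B": sniffing.receive(Frame(C_MAC, C_IP, 80)),
        "routed, no interception": router.receive(Frame(B_MAC, C_IP, 80)),
        "routed + interception": interceptor.receive(Frame(B_MAC, C_IP, 80)),
        "routed, other port": interceptor.receive(Frame(B_MAC, C_IP, 443)),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:26} -> {outcome}")
```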

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:18 MST