Re: [squid-users] Transparent Proxy - Ethernet in promiscuous mode?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 26 May 2001 16:06:40 +0200

Anjali Kulkarni wrote:
>
> > You MUST route the packet to the interception host to ensure that the
> > packet can terminate there properly, and you MUST use TCP/IP interception
> > on that host to redirect the traffic to the proxy application (else the
> > host will simply route the packet back as it is not addressed to him).
>
> Right, I agree, I was wondering if I have to do additional configuration at
> a lower layer(ethernet) in addition to the TCP interception(using ipfw),
> because there is no router in my network and hence no proper routing is
> taking place.

Normally nothing related to TCP/IP networking is configured at ethernet
layer.

> Please correct me if I am wrong - I was under the impression that A will use
> a default gateway to send all its packets to, ie it does no routing at all,
> simply sends out on the interface which leads to the gateway, which would
> then do the routing.

Close to all TCP/IP implementations have routing tables. See "netstat
-rn" and "route" commands.

> Since I have no gateway (router) in my n/w (at least for
> now), how would TCP/IP of A do the routing? Is it that A's routing tables
> (does it have any??) are automatically (by default) set to do minimalistic

So how does A reach C at all then? From my understanding A and C are on
different hubs, only having B connecting them?

(if A and C are on the same hub with no router between them then you
cannot do transparent proxying between them)

Note: Close to any TCP/IP enabled system with more than one network
interface is capable of acting as a router. So if B has two network
interfaces it has all required to act as the router between the network
of A,B and the network of B,C. Similarly if A has two network interfaces
it has all required to act as a router between A,D and A,B networks.

For complexity's sake let's assume you have three networks on three
different hubs where two of the nodes (A and B) have two network
interfaces. Network "A,D", "A,B", and "B,C".

Network cabling layout:

D <-hub1-> A <-hub2-> B <-hub3-> C

Further, assume that there may then be an Internet connection at node B
later on.

Then your routing tables should look like the following (excluding the
directly connected networks which are set up automatically):

node D, default gateway to A
node A, default gateway to B
node B, network "A,C" route via A. No default route yet.
node C, default gateway to B

--
Henrik Nordstrom
Squid Hacker
Received on Sat May 26 2001 - 08:27:31 MDT
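
Added example (not part of the original message): a small Python model of the D/A/B/C layout and routing tables described above. It traces hop-by-hop forwarding to show which flows are actually routed through B, the only place interception could then be applied. The 10.0.x.0/24 addresses are constructed, and B's static route is assumed to cover the hub1 network behind A.

```python
import ipaddress

# Constructed addresses for hub1, hub2, hub3 (assumptions, not from the post).
NETS = [ipaddress.ip_network(n) for n in ("10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24")]
ADDRS = {"D": ["10.0.1.4"], "A": ["10.0.1.1", "10.0.2.1"],
         "B": ["10.0.2.2", "10.0.3.2"], "C": ["10.0.3.3"]}
# Static routes as (destination network, next-hop address).
ROUTES = {
    "D": [("0.0.0.0/0", "10.0.1.1")],    # default gateway A
    "A": [("0.0.0.0/0", "10.0.2.2")],    # default gateway B
    "B": [("10.0.1.0/24", "10.0.2.1")],  # hub1 network via A (assumed); no default
    "C": [("0.0.0.0/0", "10.0.3.2")],    # default gateway B
}

def owner(addr):
    """Node that holds the given interface address."""
    return next(n for n, addrs in ADDRS.items() if addr in addrs)

def next_hop(node, dst):
    """Longest-prefix match over connected networks plus static routes."""
    table = [(net, None) for net in NETS
             if any(ipaddress.ip_address(a) in net for a in ADDRS[node])]
    table += [(ipaddress.ip_network(n), gw) for n, gw in ROUTES[node]]
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        return None                      # no route: the packet is dropped
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or str(dst)                # connected network: deliver directly

def path(src, dst_node):
    """Nodes a packet visits from src to dst_node's first address."""
    dst = ipaddress.ip_address(ADDRS[dst_node][0])
    hops = [src]
    while str(dst) not in ADDRS[hops[-1]]:
        hop = next_hop(hops[-1], dst)
        if hop is None or len(hops) > len(ADDRS):
            raise LookupError(f"{hops[-1]} cannot forward to {dst}")
        hops.append(owner(hop))
    return hops

def can_intercept(src, dst_node, proxy):
    """True only if the proxy host forwards the flow (is an intermediate hop)."""
    return proxy in path(src, dst_node)[1:-1]

if __name__ == "__main__":
    print(path("D", "C"), can_intercept("D", "C", "B"))
    print(path("A", "D"), can_intercept("A", "D", "B"))
```

Flows between hosts on the same hub are delivered directly and never reach B, which matches the point that transparent proxying is not possible without a routed hop through the interception host.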
