Re: [squid-users] Transparent Proxy - Ethernet in promiscuous mode?

From: Anjali Kulkarni <anjali@dont-contact.us>
Date: Tue, 29 May 2001 22:26:50 +0100

Hi Henrik,

Thanks a lot!!! Your information has been very helpful, I'll try out the
transparent proxy now.

Thanks again,
Anjali

----- Original Message -----
From: Henrik Nordstrom <hno@hem.passagen.se>
To: Anjali Kulkarni <anjali@indranetworks.com>
Cc: <squid-users@squid-cache.org>
Sent: Saturday, May 26, 2001 3:06 PM
Subject: Re: [squid-users] Transparent Proxy - Ethernet in promiscuous mode?

> Anjali Kulkarni wrote:
> >
> > > You MUST route the packet to the interception host to ensure that the
> > > packet can terminate there properly, and you MUST use TCP/IP
> > > interception on that host to redirect the traffic to the proxy
> > > application (else the host will simply route the packet back as it is
> > > not addressed to him).
> >
> > Right, I agree, I was wondering if I have to do additional configuration
> > at a lower layer(ethernet) in addition to the TCP interception(using
> > ipfw), because there is no router in my network and hence no proper
> > routing is taking place.
>
> Normally nothing related to TCP/IP networking is configured at ethernet
> layer.
>
> > Please correct me if I am wrong - I was under the impression that A will
> > use a default gateway to send all its packets to, ie it does no routing
> > at all, simply sends out on the interface which leads to the gateway,
> > which would then do the routing.
>
> Close to all TCP/IP implementations have routing tables. See "netstat
> -rn" and "route" commands.
>
> > Since I have no gateway(router) in my n/w(at least for
> > now), how would TCP/IP of A do the routing? Is it that A's routing
> > tables (does it have any??) are automatically (by default) set to do
> > minimalistic
>
> So how does A reach C at all then? From my understanding A and C are on
> different hubs, only having B connecting them?
>
> (if A and C are on the same hub with no router between them then you
> cannot do transparent proxying between them)
>
>
> Note: Close to any TCP/IP enabled system with more than one network
> interface is capable of acting as a router. So if B has two network
> interfaces it has all required to act as the router between the network
> of A,B and the network of B,C. Similarly if A has two network interfaces
> it has all required to act as a router between A,D and A,B networks.
>
>
> For complexity's sake let's assume you have three networks on three
> different hubs where two of the nodes (A and B) have two network
> interfaces. Network "A,D", "A,B", and "B,C".
>
> Network cabling layout:
>
> D <-hub1-> A <-hub2-> B <-hub3-> C
>
>
> Further, assume that there may then be an Internet connection at node B
> later on.
>
> Then your routing tables should look like the following (excluding the
> directly connected networks which are set up automatically):
>
> node D, default gateway to A
> node A, default gateway to B
> node B, network "A,C" route via A. No default route yet.
> node C, default gateway to B
>
> --
> Henrik Nordstrom
> Squid Hacker
>
Received on Wed May 30 2001 - 23:11:57 MDT
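
The routing layout from the quoted reply, modelled as an added example that is not part of the original thread: it walks a packet hop by hop through the D, A, B, C tables to show which nodes sit on the routed path (and so can intercept), and that two hosts on the same hub have no such node between them. The /24 addresses are constructed, and B's static route is assumed to cover the hub1 network behind A.

```python
import ipaddress

# Constructed addressing (not from the thread): one /24 per hub.
HUB1, HUB2, HUB3 = (ipaddress.ip_network(n) for n in
                    ("10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"))
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# node -> {directly connected network: the node's address on it}
IFACES = {
    "D": {HUB1: "10.0.1.4"},
    "A": {HUB1: "10.0.1.1", HUB2: "10.0.2.1"},
    "B": {HUB2: "10.0.2.2", HUB3: "10.0.3.2"},
    "C": {HUB3: "10.0.3.3"},
}
# Static routes as (destination network, next-hop node).
ROUTES = {
    "D": [(DEFAULT, "A")],
    "A": [(DEFAULT, "B")],
    "B": [(HUB1, "A")],  # assumption: covers the network behind A; no default route
    "C": [(DEFAULT, "B")],
}

def owner(addr):
    """Node that holds addr on one of its interfaces, or None."""
    return next((n for n, ifs in IFACES.items() if addr in ifs.values()), None)

def next_hop(node, dst):
    """Directly connected networks win; otherwise longest-prefix static route."""
    ip = ipaddress.ip_address(dst)
    if any(ip in net for net in IFACES[node]):
        return owner(dst)  # same hub: delivered without a router
    matches = [(net.prefixlen, gw) for net, gw in ROUTES[node] if ip in net]
    return max(matches)[1] if matches else None

def trace(src, dst):
    """Hop-by-hop path from node src to address dst, or None if unroutable."""
    path = [src]
    while owner(dst) != path[-1]:
        hop = next_hop(path[-1], dst)
        if hop is None or hop in path:
            return None
        path.append(hop)
    return path

def interception_points(src, dst):
    """Routers the traffic passes through, i.e. where interception can happen."""
    path = trace(src, dst)
    return path[1:-1] if path else []

if __name__ == "__main__":
    print(trace("D", "10.0.3.3"), interception_points("D", "10.0.3.3"))
```
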
