Juri Haberland wrote:
>
> Henrik, this should be in the FAQ. Actually I did the same as Andy and
> it seemed to work - but as you said, this may break in a subtle way.
> Actually I never heard before of doing transparent proxying with advanced
> routing, but it sounds very reasonable. So, please put it in the FAQ (or
> be so kind and forward it to the maintainer).
The transparent caching you do with iptables REDIRECT, as said in the
FAQ.
The routing of packets to the box where you do transparent caching
should be routing. i.e. policy route maps for Cisco or advanced routing
on Linux.
Hmm.. thinking a bit more on the routing issues.. it is probably safer
to use NAT as you do and accept that some clients will fail. Doing a
proper routing setup is non-trivial unless you patch iptables with
connection mark capabilities to also catch related ICMP traffic.
(I think Cisco policy routing is plauged by the same issues, perhaps
also WCCP).
-- Henrik Nordstrom Squid HackerReceived on Sat Jun 30 2001 - 20:15:02 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:53 MST