RE: [squid-users] Re: transparent proxy with transparent gateway (hrm)

From: Aaron Seelye <AaronS@dont-contact.us>
Date: Fri, 1 Feb 2002 14:08:08 -0800

Not really. I've heard of these sort of setups done with FreeBSD with
relative ease. You just need to have the IPDIVERT and IPBRIDGE arguements
in your kernel config, and then setup the proper redirects. The only thing
that may hamper this is that the traffice must logically cross the bridge
when trying to get to the gateway, but other than that, it should be rather
trivial. You could even have squid on the same box as the bridge.

Aaron

> -----Original Message-----
> From: Terry Davis [mailto:tdavis@birddog.com]
> Sent: Friday, February 01, 2002 12:10 PM
> To: Reischl, Brian
> Cc: squid-users@squid-cache.org
> Subject: [squid-users] Re: transparent proxy with transparent gateway
> (hrm)
>
>
> This would work in my situation. I don't like the idea of
> changing the
> IP address on my firewall but what's the difference ?
>
> The bridge idea is cooler but MUCH more complicated.
>
>
> Reischl, Brian wrote:
>
> > Maybe I'm completely misunderstanding what you're trying to
> do here, but
> > it seems to me you could set up a Linux box as a transparent
> > proxy/router. Have it configured to proxy all port 80 and forward
> > everything else to the gateway. Then move your gw to a IP
> new address,
> > and have the proxy/fw take over the gateway's old IP address. Thus
> > clients keep sending everything to the same IP thinking it's the
> > gateway. Only now your proxy is sitting at that IP,
> proxying HTTP and
> > silently forwarding everything else to the real gateway. All the
> > ethernet level stuff should sort itself out after
> everyone's ARP cache
> > expires in 5 or 10 minutes, and the clients should never know the
> > difference. Or am I missing something here?
> >
> > -----Original Message-----
> > From: Terry Davis [mailto:tdavis@birddog.com]
> > Sent: Friday, February 01, 2002 12:01 PM
> > To: squid-users@squid-cache.org
> > Subject: transparent proxy with transparent gateway (hrm)
> >
> >
> > This is a good one and perhaps I need to be slapped around a bit for
> > even suggesting it.
> >
> > I want to set up transparent proxying. I do not want to change the
> > default gw on my clients. Is there a way that I can set up
> an ethernet
> > bridge that 'listens' for port 80 connections and mangles
> those packets
> > so the destination address is the proxy server? I think I know the
> > answer to this but it's worth a shot.
> >
> > --
> > Terry Davis
> > Systems Administrator
> > BirdDog Solutions, Inc.
> > (402) 829-6059
> > www.birddog.com
> >
>
>
> --
> Terry Davis
> Systems Administrator
> BirdDog Solutions, Inc.
> (402) 829-6059
> www.birddog.com
>
Received on Fri Feb 01 2002 - 15:03:28 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:09 MST