Re: [squid-users] about squid with ident

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 08 Nov 2002 09:11:25 +0100

Robert Collins wrote:

> Ident *may* work. You will need to guarantee that the ident request
> appears to come from the origin server, not the proxy. This will need a
> magic L7 switch, or some iptables/ipfilter style magic.

iptables/netfilter cannot yet do this easily. There is only support for
intercepting connections, not making connections with foreign source IP
addresses.

There is a experimental netfilter patch floating around (should be in
iptables patch-o-matic) which adds the capability to make connections
with foreign IP addresses and a better framework for intercepting
connections. However, Squid will need to be modified to make use of the
new TCP/IP hooks provided to make use of this feature.

Regards
Henrik
Received on Fri Nov 08 2002 - 01:24:22 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:14 MST