tis 2003-02-25 klockan 16.12 skrev Fabien Salvi:
> I suppose the response to the client *must* use the real destination
> server IP for IP source address to not be dropped by it ?
>
> So, I suppose I must use NAT in iptables to do this ?
> Is this possible ?
Yes.
> In squid, I thought there was a mecanism to change the IP source address
> of the reply.
> Is this the reallity ?
This is done automatically by the TCP/IP kernel when you configure the
host to redirect port 80 to Squid (via NAT). Without it the TCP would
not at all operate in transparent interception mode, and Squid is an
application ontop of TCP.
The same TCP/IP redirect methods can be used to redirect the traffic to
ANY TCP/IP application on the host, or even on a remote server if you
prefer. It is just a variant of NAT. The only specific support required
in the application is if the application is interested in knowing the
originally intended destination (which is not the case in your case).
-- Henrik Nordstrom <hno@squid-cache.org> MARA Systems AB, SwedenReceived on Tue Feb 25 2003 - 08:18:58 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:36 MST