On Monday 01 September 2003 06.18, cc wrote:
> But how do I restrict Src ips? As it
> stands, all the port 80 packets that
> are sent to the 'net from the clients
> are DNATd to the Squid box and SNAT
> from the routing-box.
Don't NAT, just route the packets via a different route (policy
routing).
If there are other routers in between the interception point and the
Squid box then use a GRE tunnel, if not direct routing.
For reliable session routing in iptables you can use the CONNMARK
module. See iptables patch-o-matic extras.
Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Mon Sep 01 2003 - 01:16:12 MDT
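
The following is an added example, not part of the original message: a router-side sketch of the policy routing suggested above, with interception limited to chosen source networks. All addresses, interface names, the mark value and the table number are assumptions. It uses plain per-packet MARK rather than CONNMARK and assumes the Squid box is directly reachable from the router (no GRE tunnel).

```shell
#!/bin/sh
# Added example; every value below is constructed for illustration.
CLIENT_NETS="192.168.1.0/24 192.168.5.0/24"  # source ranges to intercept (assumed)
LAN_IF="eth1"            # router interface facing the clients (assumed)
SQUID_IP="192.168.2.10"  # Squid box, one hop from the router (assumed)
SQUID_IF="eth2"          # router interface facing the Squid box (assumed)
FWMARK="2"               # packet mark tying the iptables rule to the ip rule
TABLE="100"              # dedicated routing table for intercepted traffic

# Print the commands instead of running them, so they can be reviewed
# first and then applied as root, e.g.:  sh this-script.sh | sh -x
emit_policy_route_rules() {
    # Routing table whose only route points at the Squid box.
    echo "ip route add default via $SQUID_IP dev $SQUID_IF table $TABLE"
    # Packets carrying the mark are looked up in that table.
    echo "ip rule add fwmark $FWMARK table $TABLE"
    # Mark only port-80 traffic arriving from the listed client networks.
    # Matching on -i and -s keeps Squid's own outbound requests, which
    # arrive on $SQUID_IF, out of the intercepted set (no routing loop).
    for net in $CLIENT_NETS; do
        echo "iptables -t mangle -A PREROUTING -i $LAN_IF -s $net -p tcp --dport 80 -j MARK --set-mark $FWMARK"
    done
}

# No NAT happens on the router: packets reach the Squid box with their
# original source and destination addresses. Interception on the Squid
# host itself is not shown here.
emit_policy_route_rules
```
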