RE: [squid-users] Squid transparent proxy and bridge question

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 25 Mar 2004 09:26:53 +0100 (CET)

On Thu, 25 Mar 2004, usman fool wrote:

> a machine with 2 ethernet cards (eth0, eth1) operating as bridge whereas its
> 1 ethernet interface (eth1) has ip address and squid is running on it, now
> that machine is connected to internet through ppp0 (as ppp0 is not part of
> bridge). IP forwarding is enabled to communicate between eth1 and ppp0.

Ok.

In Linux this looks slightly different:

a) IP addresses are assigned to the bridge device, not the bridged
interfaces

b) IP addresses are global and accessible from all interfaces. No IP
forwarding is required for local applications to talk via any interface
even if they bind to a specific IP address.

But yes, if this box is to act as a router between the local LAN and the
PPP connection then IP forwarding is required. This is completely separate
from the bridge function.

Bridge + Squid does not need IP forwarding, including Squid using the PPP
interface to connect to the Internet if so desired.

Direct routing LAN <-> PPP does need IP forwarding, and clients need to be
using the router IP (the IP assigned to the bridge interface if also
bridging) as gateway, just as they need even if there is no bridge or
transparent proxying involved.

In all transparent interception proxy setups the clients need working DNS
and routing towards the Internet; if not, they will not initiate the
connections to be intercepted by the proxy. If you cannot have working
DNS or routing towards the Internet then browser proxy configuration is
required.

Regards
Henrik
Received on Thu Mar 25 2004 - 01:26:55 MST
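
Added example, not part of the message above and not Squid project code: a shell check for points (a) and (b) of the reply, flagging addresses left on bridge member ports and an ip_forward setting that does not match the box's role. The function names, interface names and addresses are constructed for illustration, and the input is assumed to be in the format printed by iproute2's `ip -o link show` and `ip -o -4 addr show`.

```shell
#!/bin/sh
# Added example: audit a Linux bridge + Squid box for the two points in the reply.
# Inputs are the text of `ip -o link show` and `ip -o -4 addr show`.

# Constructed sample of the layout in the question: eth1 carries the IP while
# it is a member port of br0 (interface names and addresses are made up).
SAMPLE_LINKS='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN'
SAMPLE_ADDRS='3: eth1    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
5: ppp0    inet 203.0.113.7 peer 203.0.113.1/32 scope global ppp0'

# Point (a): print "port master address" for each enslaved port that still
# holds an IPv4 address. "master" also matches bond members, so confirm that
# the master really is a bridge before moving the address to it.
misplaced_addrs() {   # $1 = link listing, $2 = address listing
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "master") { sub(":$", "", $2); print $2, $(i + 1) }
    }' | while read -r port master; do
        printf '%s\n' "$2" |
            awk -v p="$port" -v m="$master" '$2 == p && $3 == "inet" { print p, m, $4 }'
    done
}

# Point (b): is ip_forward set the way the box's role requires?
# $1 = value of /proc/sys/net/ipv4/ip_forward, $2 = yes if clients route LAN <-> PPP
forward_verdict() {
    case "$1:$2" in
        1:yes|0:no) echo "ok" ;;
        0:yes) echo "missing: direct LAN <-> PPP routing needs ip_forward=1" ;;
        1:no)  echo "unneeded: bridge + Squid alone works with ip_forward=0" ;;
        *)     echo "usage: forward_verdict 0|1 yes|no"; return 2 ;;
    esac
}

echo "Addresses held by bridge member ports:"
misplaced_addrs "$SAMPLE_LINKS" "$SAMPLE_ADDRS"
echo "ip_forward=1 on a bridge + Squid only box: $(forward_verdict 1 no)"
```

On a live host, pass `"$(ip -o link show)"`, `"$(ip -o -4 addr show)"` and `"$(cat /proc/sys/net/ipv4/ip_forward)"` in place of the samples.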