[squid-users] transparent proxy setup & limiting target hosts

From: Linda W. <squid-user@dont-contact.us>
Date: Wed, 30 Jun 2004 15:35:47 -0700

I've never set up a squid proxy in transparent mode. Am I correct in
assuming I need to also have ip_chains in my kernel to route the traffic
from my internal net to the outside world, or would simple entries to the
routing table work?

I only have 1-2 addresses that I want to transparently proxy -- I have a
network device that wants to speak to some http servers but doesn't know
about http proxies.

Am looking for a least effort approach that will allow the device to contact
its server, but I don't want to open access to any other http servers.

As a minor addition, I want to limit access to this proxy only from this
network device (at a fixed address assigned by my internal DHCP server).
I know that should be trivial using ACLs, but it would be "cool" if I could
use my existing running copy of squid3beta to serve its current function of
an 8080-based http proxy as well as providing the transparent service to
the dumb network device.

It doesn't appear to be entirely straightforward since if I config my
internal ethernet interface to respond as the external host, I'm not sure
that plain 'route' commands would be able to handle the task of forwarding
the traffic.

Haven't gotten into ipchains configuration yet, and wanted to avoid adding
that complexity if it is not necessary as complexity is the enemy of
reliability and security as a "general" rule...:-)

TIA for suggestions/answers...

I haven't found much in the documentation about transparent proxying...

(oh for a manpage .....:-))

-linda
 
Received on Wed Jun 30 2004 - 16:35:50 MDT
