Re: [squid-users] Squid and level 4 switch

From: Michel Santos <michel@dont-contact.us>
Date: Fri, 20 Jul 2007 08:48:54 -0300 (BRT)

Ming-Ching Tiew said in the last message:
>
> From: "Michel Santos" <michel@lucenet.com.br>
>>
>> aren't you mixing things here? *layer* 4 and *level* 4 are different
>> things and policy routing eventually is still another
>>
>
> I know you are the expert but your answers are not helping at all.
>
> I don't need to be told that you are the expert but I will be glad
> to be told how different and in what way they are different.

thanks for the glory but it is not an expert qualification but a
necessary basic knowledge for anyone who works with TCP/IP/routing in
order to understand what he is doing ...

anyway, level 3 switch/bridge understands up to OSI Layer 4 and layer 4
switch/bridge understands up to OSI layer 7 as I said already before

so you can google for "OSI Layer definition" and see what that is, those
are the different network layers from hardware up to application layer

>
>>
>> for policy routing you do not need a level 4 bridge neither a level 4
>> switch because any OS with any kind of forwarding capable firewall
>> package
>> can do that and in order to do routing (any) you do not need a bridge
>> setup at all
>>
>
> I was just trying to slip in a box which does things transparently.
> I intend to get a little further than this, I want to even add gre to it
> so then it will hopefully behave like a Cisco doing WCCP2 with an
> external squid box with wccp2 configured.
>
> Purpose is modest :- Use it to check if the squid is set up correctly
> without disturbing existing network.
>
> Maybe you could be a little more specific about if you were to do it,
> how would you go about doing it. More specifically when the
> squid is 'tproxy transparent', ie when the forward path is spoofed,
> how do you handle the routing of the return path.
>

oook, but so far you did not tell us what you wanted to do but asked for
level and layer things ...

I believe you do not need WCCP2 if you do not use a Cisco router and I
myself am not sure if this is a solution but kind of a workaround at all
but that is only my opinion

In order to get to a remote cache you need to configure only and lonely
packet forwarding in order to make it work, this is supposed to happen on
your gateway where you intercept tcp:80 traffic destined to the external
world and forward it to the tcp port where your squid is listening at the
remote server

that is all you need, requirements that your gateway linux runs as a
gateway and has any kind of firewall package which can do the forward

you find zillions of examples for any kind of firewall on the net or in
the man page of your firewall package, it is easier than you might think

Michel

...

****************************************************
Datacenter Matik http://datacenter.matik.com.br
E-Mail and Data Hosting Service for Professionals.
****************************************************
Received on Fri Jul 20 2007 - 05:49:10 MDT
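
The port forward described in this reply, as an added example that is not part of the original message: a shell function that prints an iptables-restore ruleset for the gateway. The interface name eth1, the address 192.0.2.10 and port 3128 are assumptions, and the MASQUERADE rule assumes the Squid box sits on the same LAN as the clients.

```shell
#!/bin/sh
# Added example. Constructed values: eth1 = LAN interface,
# 192.0.2.10 = Squid box, 3128 = Squid listening port.

valid_if() {   # plain interface names only, so an argument cannot smuggle in rule options
    case $1 in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#1} -le 15 ]
}

valid_ipv4() { # four dot-separated octets, each 0-255, nothing else
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ruleset for review; nothing is loaded into the kernel here.
gen_intercept_rules() {
    lan_if=$1; squid_ip=$2; squid_port=$3
    valid_if "$lan_if" && valid_ipv4 "$squid_ip" && valid_port "$squid_port" || {
        echo "invalid argument" >&2; return 2; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Squid's own fetches to port 80 must not be redirected back to Squid (loop).
-A PREROUTING -i $lan_if -s $squid_ip -p tcp --dport 80 -j ACCEPT
# Client HTTP heading out of the LAN is rewritten to the Squid listener.
-A PREROUTING -i $lan_if -p tcp --dport 80 -j DNAT --to-destination $squid_ip:$squid_port
# Squid on the clients' LAN: source-NAT so its replies come back through this
# gateway, where the DNAT is undone. Squid then logs the gateway's address.
-A POSTROUTING -o $lan_if -d $squid_ip -p tcp --dport $squid_port -j MASQUERADE
COMMIT
EOF
}

gen_intercept_rules eth1 192.0.2.10 3128
```

Because the DNAT rewrites the destination address, Squid sees only its own address and has to take the origin server from the request's Host header. Loading the output with iptables-restore replaces the nat table unless --noflush is given.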