[squid-users] [Transparent Proxy] Why doesn't the proxy host drop the packets with different MAC

From: Henry Yuan <forwardmy_at_gmail.com>
Date: Fri, 15 Apr 2011 15:52:46 -0500

Hi folks,

A caveat: I don't have practical network management experience, so the
following could be total nonsense ....

----------------------------------------------------------------------
1) To my understanding, transparent caching proxies (on the edge of
the network) basically hijack the http traffic by stealing the
packets from the wire.
Since the hosts are not aware of the existence of this proxy, the
Dest. MAC address in those packets will not be the same as the one of
the proxy host.

In other words, I am assuming the transparent proxy is like:

Client ------------ (Squid) ------------ Server

Where the squid can steal the packets silently...

The questions are:

- Why wouldn't the proxy host drop the packets with different MAC address?

- What's the role of NAT in this setup?

- Why doesn't Squid monitor port 80 directly? (I asked this question
in a previous post, I'm just listing it here to make my questions
clear)

----------------------------------------------------------------------
2) Or if the squid is operated in the following mode, the MAC
address issue can be solved:

                             Squid
                               |  |
Client -------------- Edge Router ------------ Server

The packets from the clients are sent to the Router first, and then
forwarded to the Squid machine. In this case, the packets have
the correct MAC address.
In this case the questions are:
- Does the Squid still need the NAT setup?
- Can Squid monitor on port 80 directly?
----------------------------------------------------------------------

3) If the above 2 setups are not what you normally do, would you please
explain how Squid is used in practice?

Thanks,
Henry
Received on Fri Apr 15 2011 - 20:52:53 MDT
