On 19/10/11 23:10, zozo zozo wrote:
>>> I.e. I can't put my transparent proxy to internet, I need it to be in
>>> same IP space as my network interface?
>>
>> You can put it anywhere you like. There are only two requirements:
>>
>> 1) NAT happens on the same OS.
>> So Squid can have direct access to the NAT data to undo the
>> destination IP erasure.
>>
>> 2) Squid needs access to the same DNS as the clients.
>> To verify the packet's destination IP matches the HTTP requested
>> domain.
>
> But I can't redirect to outer networks using policy routing, only to gateways I have direct access to. I.e. not Internet.
> I have a rented Linux machine out there in the Internet, to route packets there I'd need access to all ISP's gateways.
> NAT seems to be my only option to send packets there.
Or a tunnel between the boxes. The tunnel wrapper IP can go through the
NAT process without losing the original packet IP.
>
> And can I trick squid by putting same iptables rules to that machine?
> Or by another NAT, like one machine NATs to port 3129, and on squid machine it NATs to 3128?
iptables would have as much trouble reversing the NAT on a different
machine as Squid would.
Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.16
  Beta testers wanted for 3.2.0.13

Received on Thu Oct 20 2011 - 08:16:24 MDT
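
The two requirements listed in the reply above, sketched as an added example (not part of the thread and not Squid's own code): the pre-NAT destination can only be read from the conntrack table of the kernel that did the NAT, and the Host name must resolve to that destination. The function names, the injected resolver and the RFC 5737 sample addresses are assumptions made for illustration, and the sketch is IPv4-only.

```python
import errno, socket, struct

SO_ORIGINAL_DST = 80  # Linux netfilter getsockopt option (linux/netfilter_ipv4.h)

def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    port, addr = struct.unpack_from("!H4s", raw, 2)  # skip 2-byte sin_family
    return socket.inet_ntoa(addr), port

def original_dst(conn):
    """Requirement 1: read the pre-NAT destination from THIS kernel's conntrack.
    Returns None if there is no entry (e.g. NAT was done on another machine)."""
    try:
        raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    except OSError as exc:
        if exc.errno in (errno.ENOENT, errno.ENOPROTOOPT):
            return None
        raise
    return parse_sockaddr_in(raw)

def system_resolve(name):
    """IPv4 addresses from the resolver the proxy host is configured with."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}

def classify(dst, local, host, resolve=system_resolve):
    """dst: original_dst() result; local: conn.getsockname(); host: Host header."""
    # No entry, or the "original" destination is just our own listening
    # socket: the real destination was rewritten before the packet got here.
    if dst is None or dst == local:
        return "nat-lost"
    # Requirement 2: the destination IP must be one the Host name resolves to.
    name = host.rsplit(":", 1)[0]
    if dst[0] not in resolve(name):
        return "host-mismatch"
    return "ok"

# Constructed sample data (RFC 5737 documentation addresses), not real traffic.
SAMPLE_RAW = struct.pack("=H", socket.AF_INET) + struct.pack(
    "!H4s", 80, socket.inet_aton("192.0.2.10")) + bytes(8)
SAMPLE_DNS = {"www.example.com": {"192.0.2.10"}}
PROXY = ("198.51.100.7", 3129)

def sample_resolve(name):
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    dst = parse_sockaddr_in(SAMPLE_RAW)
    print(classify(dst, PROXY, "www.example.com", sample_resolve))
    print(classify(PROXY, PROXY, "www.example.com", sample_resolve))
```
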