On Mon, 5 Dec 2011 17:31:45 +0100, Leonardo wrote:
> On Thu, Dec 1, 2011 at 1:18 PM, Amos Jeffries wrote:
>> Squid supports transparent proxy (not the NAT interception people
>> call the
>> same).
>> http://wiki.squid-cache.org/Features/Tproxy4
>
>
> My Squid is already compiled to function as transparent:
> Squid Cache: Version 3.1.7
> configure options: '--enable-linux-netfilter' '--enable-wccp'
> '--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
> '--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid'
> 'CPPFLAGS=-I../libltdl' --with-squid=/root/squid-3.1.7
> --enable-ltdl-convenience
>
> Is Tproxy4 a kind of super-transparent feature (i.e. does it allow
> the
> next-hop to see the client IP instead of the Squid IP)?
The 'T' in TPROXY means 'transparent'. It is transparent down to the IP
layer. Like glass, transparent both ways. Neither end aware the proxy is
present unless they explicitly do some active tests to identify it.
Where that thing properly called "NAT interception", which a lot of
people wrongly call "transparent", is not transparent at all. It is HTTP
*translation* (the 'T' in NAT). Like one-way mirrors. with the Server
facing the mirror and trivially able to see that something is in the
way.
Amos
Received on Mon Dec 05 2011 - 22:38:15 MST
This archive was generated by hypermail 2.2.0 : Tue Dec 06 2011 - 12:00:03 MST