Re: [squid-users] bridge + tproxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 07 Oct 2013 00:20:15 +1300

On 4/10/2013 11:16 p.m., Alfredo Rezinovsky wrote:
> I have a squid in tproxy mode running in a bridge.
> Let's name the LAN side the one connected to the clients and the WAN side the
> one connected to the gateway.
> I'm using Ubuntu server LTS with a 3.5.0 kernel
>
> The LAN network has various sub-networks, handled with many different
> IPs in the gateway.
>
> When a client starts a connection to an external server, port 80, the
> proxy intercepts it, processes it, and answers, always using the client IP
> for the outgoing packets and the external server IP for the packets
> sent to the client.
>
> The proxy still needs its own IP for 3 reasons:
>
> * Ask DNS queries to a local DNS server (still can't force squid to
> use the original destination IP without asking DNS, or to use the
> TPROXY client ip for the DNS query)
> * Ask ARP to the clients
> * Remote access to the proxy for administration.

* serving error page embedded objects to clients.

>
> Some clients that are in strict mode refuse to answer ARP when the
> proxy's asking IP is not in the same IP network.
>
> Is there a way to let Linux learn ARP in passive mode when no one
> answers ARP?
>

You will have to ask the networking people for Linux that question.

Amos
Received on Sun Oct 06 2013 - 11:20:22 MDT
