Gavrie Philipson wrote:
> Shachar Shemesh wrote:
> > Doesn't that require that the router handling all the traffic be a NAT
> > machine? At our place we currently have a CheckPoint FW-1 firewall, and I am
> > not sure that it supports transperant proxying (though it is quite possible
> > that it does, Linux isn't the only solution, you know). I don't think adding
> > another machine will be a good idea.
>
> Why would the router have to perform NAT? It just has to block outgoing
> connections to port 80, and reroute them to the port that Squid listens
> on.
Routing the packets meant for the remote web server to the proxy wont do
any good. The proxy only listens to packets meant for it. Therefore the
route will have to re-write the packets so that they seem to be directed
to the proxy server. By definition, this is Network Address Translation,
although it is different from the more common case where the reasoning
is to hide many machines behind one pi.
Gilad.
--
Gilad Ben-Yossef <[EMAIL PROTECTED]>
http://kagoor.com | +972(9)9565333 x230 | +972(54)756701
"I've been seduced by the chocolate side of the force."
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
