Gilad Ben-Yossef wrote:
>
> Gavrie Philipson wrote:
> > Shachar Shemesh wrote:
> > > Doesn't that require that the router handling all the traffic be a NAT
> > > machine? At our place we currently have a CheckPoint FW-1 firewall, and I am
> > > not sure that it supports transperant proxying (though it is quite possible
> > > that it does, Linux isn't the only solution, you know). I don't think adding
> > > another machine will be a good idea.
> >
> > Why would the router have to perform NAT? It just has to block outgoing
> > connections to port 80, and reroute them to the port that Squid listens
> > on.
>
> Routing the packets meant for the remote web server to the proxy wont do
> any good. The proxy only listens to packets meant for it. Therefore the
> route will have to re-write the packets so that they seem to be directed
> to the proxy server. By definition, this is Network Address Translation,
> although it is different from the more common case where the reasoning
> is to hide many machines behind one pi.
You are mistaken. When Squid is configured in transparent mode, it'll
listen to all packets passing through it -- no address translation
needed. See, for example,
http://www.unxsoft.com/transproxy-linux21-squid2.html for details.
Gavrie.
--
Gavrie Philipson
Netmor Applied Modeling Research Ltd.
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
