> Gilad Ben-Yossef wrote:
> >
> > Gavrie Philipson wrote:
> > >
> > > Why would the router have to perform NAT? It just has to block outgoing
> > > connections to port 80, and reroute them to the port that Squid listens
> > > on.
> >
> > Routing the packets meant for the remote web server to the proxy won't do
> > any good. The proxy only listens to packets meant for it. Therefore the
> > router will have to re-write the packets so that they seem to be directed
> > to the proxy server. By definition, this is Network Address Translation,
> > although it is different from the more common case where the reasoning
> > is to hide many machines behind one IP.
>
> You are mistaken. When Squid is configured in transparent mode, it'll
> listen to all packets passing through it -- no address translation
> needed. See, for example,
> http://www.unxsoft.com/transproxy-linux21-squid2.html for details.

Ah... but this page specifically (item #7) instructs the seekers of
transparent proxies to turn the *kernel* IPchains firewalling/NAT
code on and use its transparent proxy option. What this option does is
rewrite packets going through the machine (the "forward" chain, in
IPChains speak) to reach a local socket instead.

Now I agree that the packets are never released onto the network, but
they are rewritten so that the local machine's IP stack will send them to
the local socket.

You know what, it's a borderline case. Let's call it a draw ;-)

--
Gilad Ben-Yossef <[EMAIL PROTECTED]>
http://kagoor.com | +972(9)9565333 x230 | +972(54)756701
"I've been seduced by the chocolate side of the force."