Gilad Ben-Yossef wrote:
>
> Ah... but this page specifically (item #7) instructs the seekers of
> transparent proxies to turn on the *kernel* IPchains firewalling/NAT
> code and use its transparent proxy option. What this option does is
> rewrite packets going through the machine (the "forward" chain, in
> IPChains speak) to reach a local socket instead.
>
> Now I agree that the packets are never released unto the network, but
> they are rewritten so that the local machine IP stack will send them to
> the local socket.
>
> You know what, it's a borderline case. Let's call it a draw ;-)
>
> --
> Gilad Ben-Yossef <[EMAIL PROTECTED]>
> http://kagoor.com | +972(9)9565333 x230 | +972(54)756701
> "I've been seduced by the chocolate side of the force."
>
Actually, I don't believe in draws. Either I need to route all my traffic through
the Linux machine, or I don't. If I do - I don't care whether NAT is being
employed or not. If I don't, I don't care either.
What I see here is that I need to install on my router a rule that says, more or
less, "If the packet is destined to go to port 80 of any machine, route it to the
proxy, otherwise, route it usually". I don't think a regular router can do such a
thing. I don't even think that CheckPoint's FW-1 can do such a thing. It can do
exactly what I wanted to begin with (i.e. - change packets so that they all go to
the proxy machine), but that's a NAT again.
Shachar