Clifton Royston wrote:
> # Redirect everything else to squid on port 3128
> rdr de0 0.0.0.0/0 port 80 -> 10.2.3.5 port 3128 tcp

This is not the correct approach to the problem.

The IP-Filter rule for redirecting "foreign" port 80 to the Squid port
must be on the same machine, or Squid will have no way to find the real
intended destination IP.

On the router/gateway you should use some kind of policy routing to
route port 80 traffic to the cache server, but not rewrite the
addresses.

Beware that TCP hijacking has its problems at multiple levels.

* Path MTU discovery or other functions relying on ICMP do not work
  properly
* Reload does not work in IE
* Secondary routes make things sporadically fail with connection reset

-- Henrik Nordstrom
Spare time Squid hacker

Received on Wed Sep 22 1999 - 16:30:09 MDT
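
Added example, not part of the original message and not Squid or IP-Filter code: a toy model of the point made in the reply, that the redirect's address mapping lives only on the machine that performed the rewrite. The per-host table, the function names and the sample client and origin addresses are constructed assumptions; 10.2.3.5 port 3128 is taken from the quoted rule.

```python
"""Toy model (constructed) of where the original destination survives."""
from dataclasses import dataclass, field

SQUID = ("10.2.3.5", 3128)  # cache address and port from the quoted rdr rule


@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


@dataclass
class Host:
    name: str
    # Simplified NAT state: (client, rewritten dst) -> original dst
    nat_table: dict = field(default_factory=dict)

    def rdr(self, pkt):
        """Rewrite port-80 traffic to Squid, recording the mapping locally."""
        if pkt.dst[1] != 80:
            return pkt
        self.nat_table[(pkt.src, SQUID)] = pkt.dst
        return Packet(pkt.src, SQUID)

    def policy_route(self, pkt):
        """Forward toward the cache server without rewriting addresses."""
        return pkt

    def original_dst(self, pkt):
        """What a proxy on this host can learn from this host's NAT state."""
        return self.nat_table.get((pkt.src, pkt.dst))


def rewrite_on_gateway(pkt):
    """The quoted setup: the gateway rewrites, the cache receives."""
    gateway, cache = Host("gateway"), Host("cache")
    arrived = gateway.rdr(pkt)           # mapping stays in the gateway's table
    return cache.original_dst(arrived)   # the cache has no entry to consult


def rewrite_on_cache(pkt):
    """The suggested setup: policy routing on the gateway, rdr on the cache."""
    gateway, cache = Host("gateway"), Host("cache")
    arrived = cache.rdr(gateway.policy_route(pkt))
    return cache.original_dst(arrived)


# Constructed sample: a client connecting to an origin server on port 80
CLIENT_SYN = Packet(("192.0.2.10", 40000), ("198.51.100.7", 80))
```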