[SQU] Layer 4 switching and IPChains

From: Ken Kirchner <kenk@dont-contact.us>
Date: Wed, 23 Aug 2000 02:33:25 -0500 (CDT)

Hey all,

  We are using a layer 4 switch to pump all port 80 TCP/IP traffic to two
squid servers. This is all warm and fuzzy and working wonderfully.

The problem we are having is that we are transparently proxying our
customers and this "breaks" a few of their applications. Since there is
no "forward" acl operator in squid (only "allow" or "deny"), I am looking
for ways to selectively eliminate an IP or group of IPs from squid's
proxying. I've just finished reading over squid's documentation and I can't
find anything that will work with transparent proxying (The switch only
has 1 ACL if you can believe it).

What I'm now looking into is a way to add rules to ipchains on the squid
boxes. These rules would forward packets from the selected IPs straight
to our border router for direct processing and bypass squid altogether.

Am I mad? Am I insane? Is anyone else doing something like this? Will
it even work??

The lists will hopefully be very short (and static of course).

-- 
Ken Kirchner                   :  kenk@shreve.net
Assistant System Administrator :  Tel (318)222-2638
ShreveNet, Inc.                :  Fax (318)213-2650
ShreveNet - Your Premium Internet Service Provider!
Received on Wed Aug 23 2000 - 01:36:50 MDT
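
The bypass idea described in the message above, sketched as an added example that is not part of the original post. It assumes interception on the squid boxes is an ipchains REDIRECT rule to port 3128, that the boxes forward IP with their default route at the border router, and the client addresses are constructed; `valid_src` and `bypass_rules` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: print ipchains commands that exempt listed clients from
# transparent proxying. Assumed, not from the message: Squid on port 3128,
# interception via REDIRECT on the "input" chain, IP forwarding enabled,
# and a "forward" chain that permits the exempted traffic.
SQUID_PORT=3128

# valid_src ADDR: accept only a dotted quad with an optional /prefix, so a
# bad list entry can never reach a firewall command line.
valid_src() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    case $1 in
        */*) [ "${1#*/}" -le 32 ] || return 1 ;;
    esac
    for octet in $(printf '%s' "${1%/*}" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# bypass_rules SRC...: print the rule set, or fail without output if any
# entry is malformed.
bypass_rules() {
    for src in "$@"; do
        valid_src "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    # Exemptions go first: the first matching rule decides, so these
    # packets are accepted unmodified and routed on toward the border
    # router instead of being handed to Squid.
    for src in "$@"; do
        echo "ipchains -A input -p tcp -s $src -d 0.0.0.0/0 80 -j ACCEPT"
    done
    # All remaining port 80 traffic is redirected to the local Squid.
    echo "ipchains -A input -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80 -j REDIRECT $SQUID_PORT"
}

# Constructed sample list: one host and one customer network.
bypass_rules 192.0.2.10 198.51.100.0/24
```

The script only prints the commands, so the resulting rule order can be reviewed before anything is loaded on a squid box.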
