Henrik Nordstrom wrote:
> Tue 2003-02-25 at 16.12, Fabien Salvi wrote:
>
>
>>I suppose the response to the client *must* use the real destination
>>server IP for IP source address to not be dropped by it ?
>>
>>So, I suppose I must use NAT in iptables to do this ?
>>Is this possible ?
>
>
> Yes.
>
>
>>In squid, I thought there was a mechanism to change the IP source address
>>of the reply.
>>Is this the reality ?
>
>
> This is done automatically by the TCP/IP kernel when you configure the
> host to redirect port 80 to Squid (via NAT). Without it the TCP would
> not at all operate in transparent interception mode, and Squid is an
> application on top of TCP.
>
> The same TCP/IP redirect methods can be used to redirect the traffic to
> ANY TCP/IP application on the host, or even on a remote server if you
> prefer. It is just a variant of NAT. The only specific support required
> in the application is if the application is interested in knowing the
> originally intended destination (which is not the case in your case).
Ok, thanks a lot Henrik !
These things were a bit "obscure" to me.
Now, I understand. I thought it was a userspace mechanism (like we can
fake an IP with sendip or other packet generator) but in fact, it's a
kernelspace mechanism...
I've just tried this and it works well.
Thanks again.
--
Fabien SALVI
Centre de Ressources Informatiques
Archamps, France -- http://www.cri74.org
PingOO GNU/linux distribution : http://www.pingoo.org

Received on Tue Feb 25 2003 - 10:21:30 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:36 MST
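The kernel-side rewrite discussed in this thread, as an added example that is not part of the original messages and is not kernel or Squid code: a toy Python model of a port-80 redirect with connection tracking, showing why the client only accepts the reply once its source is restored to the real server. The class and function names, the addresses, and proxy port 3128 are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class RedirectNat:
    """Toy model of a port-80 redirect plus connection tracking (hypothetical)."""

    def __init__(self, proxy_ip, proxy_port, match_dport=80):
        self.proxy = (proxy_ip, proxy_port)
        self.match_dport = match_dport
        self.conns = {}  # (client ip, client port) -> original (server ip, port)

    def inbound(self, pkt):
        """Client-to-server packet: remember the real destination, deliver to proxy."""
        if pkt.dport != self.match_dport:
            return pkt
        self.conns[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return replace(pkt, dst=self.proxy[0], dport=self.proxy[1])

    def outbound(self, pkt):
        """Proxy-to-client packet: restore the real server as the source."""
        orig = self.conns.get((pkt.dst, pkt.dport))
        if orig is None or (pkt.src, pkt.sport) != self.proxy:
            return pkt
        return replace(pkt, src=orig[0], sport=orig[1])

def client_accepts(sent, reply):
    """A TCP client only matches a reply that mirrors the 4-tuple it sent."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        sent.dst, sent.dport, sent.src, sent.sport)

def demo():
    # Constructed addresses (documentation ranges); 3128 is an assumed proxy port.
    nat = RedirectNat("203.0.113.1", 3128)
    syn = Packet("192.0.2.10", 40000, "198.51.100.7", 80)
    to_proxy = nat.inbound(syn)
    raw_reply = Packet(to_proxy.dst, to_proxy.dport, syn.src, syn.sport)
    fixed = nat.outbound(raw_reply)
    return to_proxy, client_accepts(syn, raw_reply), fixed, client_accepts(syn, fixed)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The real connection tracker keys on the full address and port tuple of both directions; the model keys on the client side only to keep the mapping easy to read.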