Re: [squid-users] transparent proxy routing

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 1 Sep 2003 09:14:05 +0200

On Monday 01 September 2003 06.18, cc wrote:

> But how do I restrict Src ips? As it
> stands, all the port 80 packets that
> are sent to the 'net from the clients
> are DNATd to the Squid box and SNAT
> from the routing-box.

Don't NAT, just route the packets via a different route (policy
routing).

If there are other routers in between the interception point and the
Squid box then use a GRE tunnel, if not direct routing.

For reliable session routing in iptables you can use the CONNMARK
module. See iptables patch-o-matic extras.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Sep 01 2003 - 01:16:12 MDT
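
The policy-routing approach from the reply above, restricted to chosen client source networks, as an added example that is not part of the original message. The addresses, interface name, mark value and table number are constructed sample values, and it assumes an iptables build with the CONNMARK target and a Squid box that is directly reachable from the router on an interface other than the client-facing one.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them, so they can be
# reviewed first and then piped to `sh` as root on the routing box.
# Constructed sample values (assumptions, not from the thread):
#   192.168.2.10               Squid box, next hop on a non-client interface
#   eth1                       router interface facing the clients
#   MARK=1, TABLE=100          arbitrary fwmark and routing table number

policy_route_cmds() {
    squid_ip=$1; client_if=$2; shift 2
    mark=${MARK:-1}; table=${TABLE:-100}

    # Packets of a connection that was already classified get its mark back.
    echo "iptables -t mangle -A PREROUTING -i $client_if -p tcp --dport 80 -j CONNMARK --restore-mark"

    # Only the listed source networks are marked; port 80 traffic from any
    # other source keeps mark 0 and follows the normal route to the 'net.
    for src in "$@"; do
        echo "iptables -t mangle -A PREROUTING -i $client_if -s $src -p tcp --dport 80 -m mark --mark 0 -j MARK --set-mark $mark"
    done

    # Store the decision on the connection so every later packet matches it.
    echo "iptables -t mangle -A PREROUTING -i $client_if -p tcp --dport 80 -m mark --mark $mark -j CONNMARK --save-mark"

    # Marked packets use a separate table whose default route is the Squid box.
    # No DNAT/SNAT: the packets arrive there with their original addresses.
    echo "ip rule add fwmark $mark table $table"
    echo "ip route add default via $squid_ip table $table"
}

# Demo with the constructed values: two client networks are intercepted.
policy_route_cmds 192.168.2.10 eth1 192.168.1.0/24 192.168.3.0/24
```

Matching on the client-facing interface keeps Squid's own outgoing port 80 requests from being routed back to it. The Squid box still needs its own local rule to hand the routed packets to Squid, which is not shown here.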