Henrik Nordstrom wrote:
> Don't NAT, just route the packets via a different route (policy
> routing).
What do you mean?
>
> If there is other routers inbetween the interception point and the
> Squid box then use a GRE tunnel, if not direct routing.
>
> For reliable session routing in iptables you can use the CONNMARK
> module. See iptables patch-o-matic extras.
>
I'm in the midst of recompiling the kernel with Connmark module
enabled. Perhaps this might be able to help me figure this transparent
proxy out.
Thanks!
Received on Mon Sep 01 2003 - 02:05:17 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:27 MST