Re: [squid-users] Question about transparent proxy + duplicate IPs: is it possible?

From: Marco Simioni <m.simioni@dont-contact.us>
Date: Tue, 3 Oct 2006 15:10:51 +0200

> > Btw what happens on my linux box?
>
> It won't know who is who of the two and things will behave very oddly for
> those stations.
>
> To get around this you need to use a vlan per port, and some advanced
> connection marking and policy routing on the linux box to route each to
> their correct port (vlan). This will work most of the time, but it can
> not be 100% guaranteed and will fail if the two stations choose the same
> source port while talking to the same destination at the same time.
>
Good idea. I'm not a Linux marking expert, but can my box NAT
connections coming from two different VLANs, even if they come from
identical IPs (but of course from different MACs)? Or will the NAT
connections go crazy?

Can you explain in a few words what your idea about marking and
routing would be? Would I have to use 802.1p VLANs and then create an interface
in Linux for every VLAN? Then an independent NAT is applied to every
interface, so that if two identical IPs come from different VLANs,
their NATting will not collide?

What happens if I have an access point connected to my network too,
and I want to perform the same task on wireless-connected devices? I
suppose that all the traffic coming from that AP will be tagged with
the same value, so that I cannot identify every independent flow,
right?

Well, thanks a lot for your answer.
Best regards,

Marco
Received on Tue Oct 03 2006 - 07:10:54 MDT
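
The failure case from the quoted reply (two stations with the same IP choosing the same source port towards the same destination) can be shown with a small model. This is an added example, not part of the original message and not kernel code: it assumes a connection table keyed only by protocol, addresses and ports, with the ingress VLAN stored as the connection mark; the VLAN ids, addresses and ports are constructed.

```python
from typing import NamedTuple, Optional

class Flow(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class MarkedConntrack:
    """Toy connection table keyed by the flow tuple alone (no VLAN in the key)."""

    def __init__(self) -> None:
        self.table = {}        # Flow -> mark (VLAN id of the flow's first packet)
        self.collisions = []   # (Flow, VLAN that owns the entry, VLAN that clashed)

    def ingress(self, vlan: int, flow: Flow) -> int:
        # The first packet of a flow stores its ingress VLAN as the connection mark.
        owner = self.table.setdefault(flow, vlan)
        if owner != vlan:
            # Same tuple seen on another VLAN: the two stations are indistinguishable.
            self.collisions.append((flow, owner, vlan))
        return owner

    def reply_vlan(self, reply: Flow) -> Optional[int]:
        # Replies are matched on the reversed tuple, then routed by the stored mark.
        orig = Flow(reply.proto, reply.dst, reply.dport, reply.src, reply.sport)
        return self.table.get(orig)

def demo() -> dict:
    ct = MarkedConntrack()
    server = ("203.0.113.10", 80)   # constructed destination
    dup_ip = "192.168.1.50"         # constructed duplicate station address
    ct.ingress(101, Flow("tcp", dup_ip, 40001, *server))   # station on VLAN 101
    ct.ingress(102, Flow("tcp", dup_ip, 40002, *server))   # station on VLAN 102
    # Different source ports: each reply is routed back to the right VLAN.
    ok = [ct.reply_vlan(Flow("tcp", *server, dup_ip, p)) for p in (40001, 40002)]
    # The station on VLAN 102 now picks the source port already in use on VLAN 101.
    mark = ct.ingress(102, Flow("tcp", dup_ip, 40001, *server))
    return {"reply_vlans": ok, "mark_for_clash": mark,
            "collisions": len(ct.collisions)}

if __name__ == "__main__":
    print(demo())
```

In the clashing case the second station's packets inherit mark 101, so its replies would be routed to the other VLAN.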