http://en.tldp.org/HOWTO/TransparentProxy-6.html did u go through it ? if not should help i think. On Tue, 13 Jul 2004 10:00:46 +0100, Antony Stone <antony@xxxxxxxxxxxxxxxxxxxx> wrote: > > > On Tuesday 13 July 2004 9:50 am, Gavin Hamill wrote: > > > On Monday 12 July 2004 16:31, Antony Stone wrote: > > > How about *configuring* the clients so they use the proxy "properly" > > > instead of doing transparent redirection? Then you can keep the Squid > > > box on the same subnet as the clients, and still block people trying to > > > do TCP port 80 straight through the firewall (only one source IP is > > > allowed - the Squid box). > > > > The reason has been the desire to not have to ferry around dozens of > > machines configuring proxy settings, really. I'll certainly give the > > seperate-subnet idea some thought :) > > Have you investigated proxy auto-configuration? Take a look at the Squid > documentation and you will learn how most browsers can be pointed at a .pac > file (possibly by being redirected by your firewall to a trivial webserver > running somewhere if they try to go direct - doesn't have to be the proxy > itself), and this will configure the proxy settings without a techie having > to go near the keyboard.... > > Regards, > > Antony. > > -- > The idea that Bill Gates appeared like a knight in shining armour to lead all > customers out of a mire of technological chaos neatly ignores the fact that > it was he who, by peddling second-rate technology, led them into it in the > first place. > > - Douglas Adams in The Guardian, 25th August 1995 > > > > Please reply to the list; > please don't CC me. > >
