On Thu, 2004-09-16 at 08:13, Murugavel Thiruvengadam wrote:
> hi
>
> I am planning to implement a setup like below
>
> users (all are in public ip) ------> pvt ip linux auth server (NATed
> with pub ip in pix)---- pix- bbrouter-- Internet
>
> cache server is lying in the same auth server segment
>
> we are planning to cache all the port 80 traffic so we decided to put
> the cache engine (ip spoof enabled) on a different machine
>
> my question is: whenever any dport 80 request comes and hits the auth
> server, i want to redirect it into the cache box without NATing the
> source ip, because if we change the source ip to the cache engine,
>
> all the requests will be generated by the cache engine. i don't want it.
>
> i want to simulate port 80 redirection in an L4 switch in iptables.
>
> when any port 80 request comes and hits the auth box, just put it into
> the cache engine.
>
> The below option will redirect into the same machine
> /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
>
> the below option will change the destination ip and dport
> iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.1:8080
>
> Any suggestion welcome.

it sounds like you want WCCP. google for it and/or take a look at:

http://www.squid-cache.org/WCCP-support/Linux/

there's also a transparent proxy patch in POM (tproxy) that may or may not be of use to you (i've never tried it).

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>