Henrik Nordstrom wrote:
On Thu, 26 May 2005, Matus UHLAR - fantomas wrote:
I'm afraid there's nothing like reverse intercepting proxy although it's
possible to do it. Maybe some hardware proxying solutions...
There is the TPROXY patch for Linux.
Another option is tcp_outgoing_address combined with NAT outside the
proxy. Set up one private tcp_outgoing_address per client IP and then
NAT these to the real client IP before the traffic leaves your network.
[So is patching with the tproxy patch one of the options or both
combined with the tcp_outgoing_address?]
Both has very strict requirements on your networking setup as all
return traffic must go via the proxy even if the destination IP is the
client IP.
[You are right all traffic passes through the proxy.Is it okay if I do
the NATING on the same box as squid or some other box has tobe setup?
You will excuse me for insisting I can't stop usind squid just beacuse
of some sites blocking my squid box next time I rather they block a
particular host or network.Please advise.
Thanks
Ronny]
Regards
Henrik
--
***************************************************************************
/ ''We can't become what we need to be by remaining what we are''\
\ ,, ,,/
***************************************************************************
