MontyRee wrote:
> Hello, all.
>
> I want to set up two transparent firewalls.

As in two boxes? One box with two firewall packages running on it? Or _one_ firewall with control over both internal and external traffic?

PS. The words 'transparent' and 'firewall' are opposites. There is no such thing. 'transparent' - to be invisible. 'firewall' - solid block preventing communication.

> One is for monitoring and dropping outbound HTTP traffic at the office.
> I'm planning to set up transparent Squid.
>
> The other is for monitoring inbound web hacking attempts, like SQL injection, in front of the web server.
> I'm planning to set up modsecurity or Apache in proxy mode.

Apache proxy is not worth it. Squid can be a reverse-proxy and do that much better.
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

> When I was searching the documentation on how to redirect HTTP traffic, I found two ways to implement it with iptables:
>
> one is using tproxy
> the other is redirect
>
> I don't know the difference between them.
>
> What's the difference between them?

The biggest difference: REDIRECT is NAT. TPROXY is not.

REDIRECT is destroying IP information during transit through the proxy. It is better named 'interception'. 'Transparency' does actually happen.

TPROXY is spoofing the outward IPs so that destination sites can see the real client IP as the source, not the proxy. Real transparency of IP addresses.

> And which function should I use?

Either.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13
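The two layouts Amos contrasts, as an added example (not from the original post, and not Squid project code). It assumes a routed box with clients on eth1, Squid listening with `http_port 3128 intercept` for the REDIRECT case and `http_port 3129 tproxy` for the TPROXY case, fwmark 1 and routing table 100 for the TPROXY policy route; all of those names and numbers are assumptions you would adapt. The functions only emit rules; nothing touches the kernel unless the script is run with `apply-redirect` or `apply-tproxy` as root.

```shell
#!/bin/sh
# Added example, not from the original post. Interface, ports, mark and
# table number below are assumptions chosen for illustration.

LAN_IF="${LAN_IF:-eth1}"                  # interface the clients sit behind (assumed)
REDIRECT_PORT="${REDIRECT_PORT:-3128}"    # squid.conf: http_port 3128 intercept
TPROXY_PORT="${TPROXY_PORT:-3129}"        # squid.conf: http_port 3129 tproxy
TPROXY_MARK=1                             # fwmark used to policy-route diverted packets
TPROXY_TABLE=100                          # routing table holding the "local" catch-all

# REDIRECT = NAT. The nat table rewrites the destination to one of the
# box's own addresses, so the original server IP is gone from the packet;
# Squid recovers it with SO_ORIGINAL_DST and the origin server sees the
# proxy's address, never the client's.
emit_redirect_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $REDIRECT_PORT
EOF
}

# TPROXY = no NAT. Packets keep both original addresses; the mangle table
# marks them and a policy route delivers them to a local socket bound with
# IP_TRANSPARENT. Squid then opens the outbound connection with the client's
# source address, which is why the origin server sees the real client IP.
emit_tproxy_rules() {
    cat <<EOF
# packets belonging to an already-established proxied socket: hand them straight to it
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark $TPROXY_MARK
iptables -t mangle -A DIVERT -j ACCEPT
# new client connections to port 80: divert to the tproxy listener, unmodified
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j TPROXY --tproxy-mark 0x$TPROXY_MARK/0x$TPROXY_MARK --on-port $TPROXY_PORT
# route marked packets to the local stack even though their dst IP is not ours
ip rule add fwmark $TPROXY_MARK lookup $TPROXY_TABLE
ip route add local 0.0.0.0/0 dev lo table $TPROXY_TABLE
EOF
}

# Kernel prerequisites for the TPROXY layout (assumed routed setup): the box
# must forward, and reverse-path filtering on the client side has to be
# relaxed, otherwise replies carrying spoofed client source addresses are
# dropped before they reach the proxy.
emit_tproxy_sysctls() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.$LAN_IF.rp_filter=0
sysctl -w net.ipv4.conf.all.rp_filter=0
EOF
}

case "${1:-}" in
    apply-redirect) emit_redirect_rules | sh -e ;;
    apply-tproxy)   { emit_tproxy_sysctls; emit_tproxy_rules; } | sh -e ;;
    *) ;;  # default: do nothing, functions are available for inspection
esac
```

Run `./tproxy-vs-redirect.sh` with no argument to see nothing happen, or source it and call `emit_redirect_rules` / `emit_tproxy_rules` to print the rule set for review before applying. The absence of any `-t nat` rule in the TPROXY output is the whole point of the distinction above: TPROXY never rewrites addresses, so the proxy must be the only router between client and server or the spoofed replies will never find their way back.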