On Mon, 5 Dec 2011 17:31:45 +0100, Leonardo wrote:
On Thu, Dec 1, 2011 at 1:18 PM, Amos Jeffries wrote:
Squid supports transparent proxy (not the NAT interception people
call the
same).
http://wiki.squid-cache.org/Features/Tproxy4
My Squid is already compiled to function as transparent:
Squid Cache: Version 3.1.7
configure options: '--enable-linux-netfilter' '--enable-wccp'
'--prefix=/usr' '--localstatedir=/var' '--libexecdir=/lib/squid'
'--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid'
'CPPFLAGS=-I../libltdl' --with-squid=/root/squid-3.1.7
--enable-ltdl-convenience
Is Tproxy4 a kind of super-transparent feature (i.e. does it allow
the
next-hop to see the client IP instead of the Squid IP)?
The 'T' in TPROXY means 'transparent'. It is transparent down to the IP
layer. Like glass, transparent both ways. Neither end aware the proxy is
present unless they explicitly do some active tests to identify it.
Where that thing properly called "NAT interception", which a lot of
people wrongly call "transparent", is not transparent at all. It is HTTP
*translation* (the 'T' in NAT). Like one-way mirrors. with the Server
facing the mirror and trivially able to see that something is in the
way.
Amos
