I have a squid in tproxy mode running in a bridge.
Let name LAN side the one connected to the clients and WAN side the one
connected to the gateway.
I'm using Ubuntu server LTS with a 3.5.0 kernel
The LAN network has various sub-networks, handled with many different
IPs in the gateway.
When a client starts a connection to an external server, port 80, the
proxy intercepts it, process, and answers, allways using the client IP
for the outgoing packets and the external server ip for the packets sent
to the client.
The proxy still needs is own IP for 3 reasons:
* Ask DNS queries to a local DNS server (still can't force squid to
use the original destination IP without asking DNS, or to use the
TPROXY client ip for the DNS query)
* Ask ARP to the clients
* Remote access to the proxy for administration.
Some clients that are in strict mode, refuses to answer ARP when the
proxy asking IP is not in the same IP network.
There's a way to let linux learn ARP in passive mode when no one answers
ARP?
--
Alfrenovsky