> > > Hm. Can the tcp_incoming_address be set to 0.0.0.0
> > > to have Squid listen for incoming connections sent
> > > to ANY ip address on port 80 when running in
> > > acceleration mode, to act as a transparent
> > > proxy without needing the ip firewall/NAT
> > > address translation portion?
> >
> > No. Binding to 0.0.0.0 is the default, listen on all available
> > interfaces.
> Hm. All *available* interfaces. What about running the NIC
> in promiscuous mode, and simply having squid listen for ANY
> inbound packet destined for whatever port the conf file specifies?
> That way, you can remove the requirement for the ipfwadm, etc.
You don't need to capture all layer 2 (MAC-level) traffic, since traffic is
already directed to one of your interfaces. A transparent proxy needs to be
in your routing path, right?
Only problem is, that instead of forwarding a packet to another host, the
packet should be forwarded to a local process. This would require a patch to
the kernel routing code. Well, if you are patching the kernel anyway, why
not add filtering capabilities?
Seems to me you would end up with something looking very much like
'ipfwadm'!
Rodney van den Oever / roever@nse.simac.nl / +31 71 3670838
Stguchi@aol.com wrote:
> do u have the bombing program ? if so please e-mail it to me
What's your IP address, I'll send it to you.
Joe
Received on Sun Mar 01 1998 - 02:16:40 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:06 MST