a-o-a
what is the differnce between intercepting and normal
proxying, and why intercepting is bad....what about
wccp ????
Transparent proxying is one form of
intercepting is not it ?
--- Henrik Nordstrom <hno@marasystems.com> wrote:
> I have a patch for iptables to enable the use of
> DNAT/REDIRECT in OUTPUT
> (and SNAT in INPUT), but generally it is better if
> you can do normal
> proxying. Intercepting TCP is bad.
>
> Regards
> Henrik Nordström
> CTO
> MARA Systems AB, Sweden
>
>
> Dirk Wagner wrote:
> >
> > Henrik Nordstrom schrieb:
> > >
> > > Should work if the traffic is routed there for a
> start.. See the Squid
> > > FAQ for details on how Squid needs to be
> configured.
> > >
> > > You can only intercept traffic routed to the
> box.
> >
> > That's the problem. IMHO, it can't work with the
> browser and the proxy running
> > on the same machine as a transparent proxy. Now I
> do it with iptables. The
> > line:
> >
> > iptables -A OUTPUT -d ! 127.0.0.1 -m owner
> --uid-owner 500 -j REJECT
> >
> > will force the use Squid on the loopback
> interface, because all packets in the
> > OUTPUT chain with the destination 0/0, except the
> localhost, and all packets
> > generated by a process running with uid=500 will
> be rejected. Squid is no
> > longer in a "transparent" mode, but this doesn't
> matter.
> >
> > Dirk
> > --
> > Dirk-Michael Wagner *** Wagner.Dirk-Michael@web.de
> >
> > Open Minds. Open Sources. Open Future. - Linux!
=====
Regards,
Mohsin Khan
>>>Happy is the who can smile<<<
__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/
Received on Wed Jan 23 2002 - 13:26:52 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:55 MST