Re: [squid-users] Make Squid in interception mode completely

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 06 Dec 2011 01:25:21 +1300

On 5/12/2011 7:34 p.m., Nguyen Hai Nam wrote:
> Hi,
>
>
> As last time I had a squid box working in interception mode as well:
> traffic was redirected from default gateway to squid box, then IP-filter
> will NAT to intercepting squid. It looks like this:
>
> INTERNET Router
> |
> |
> Switch----Default gateway
> | \
> | \
> | + Squid box
> |
> |
> LAN
>
>
> But I'm thinking that I don't have access to default gateway router to
> modify http traffic to squid, so I do add one more NIC to squid box and
> change topo to this:
>
> INTERNET Router
> |
> |eth1
> Squid
> |eth0
> |
> Switch----Default gateway
> |
> |
> |
> LAN
>
> I've just tried to do so, but the traffic passed through and doesn't come
> to Squid. So the box is like a switch only. What can I do to make sure
> http traffic always comes to squid?

"Like a switch"? Or did you really mean "like a bridge"?

* switch ... no solution. Switches do not perform the NAT operations
required for interception. They also don't run software like Squid, so I
think this is a bad choice of word in your description.

* bridge ... requires dropping packets out of the bridge into the
routing functionality. See the bridge section at
http://wiki.squid-cache.org/Features/Tproxy4#ebtables_on_a_Bridging_device

Amos
Received on Mon Dec 05 2011 - 12:25:30 MST
