Diegmueller, Jason (I.T. Dept) wrote:
> So is there any "clean" way to implement an almost INVISIBLE proxy server?
> Perhaps do bridging between the "outside" and "inside" interfaces, but still
> have the ability to hijack requests to TCP port 80 and deliver them to
> squid?
>
> Has anyone done anything like this before? If so, do share. If not, think
> I'm on the right path? Does this sound feasible?

Don't know if bridging and redirection can be combined in Linux, but I
think so. I have a vague memory of some old article combining ipfwadm
redirection and bridging..

I know for sure that you can intercept packets while using proxy-ARP
routing. I played around with proxy-ARP setups during firewall/proxy
development. Worked like a charm except that it must be set up both ways
or the machine behind the proxy will have trouble finding its way out.

Bridging is easier and I would recommend first trying out if bridging
can be combined with redirection.

> I'd just like to implement a squid proxy WITHOUT having to redesign a lot
> of things (and in the process piss off the systems team). I considered doing
> a route-map on the Cat5505's RSM but when I was playing around with that
> yesterday load went through the roof (this is an awfully busy Catalyst).

Again, proxy-ARP or bridging will avoid that ;-).

Both also have the benefit of a trivial backout plan. If there is any
trouble shut down the proxy machine and connect the servers directly to
the LAN.

-- Henrik Nordstrom Squid hacker

Received on Wed May 31 2000 - 16:59:09 MDT