On Fri, 2002-11-08 at 19:11, Henrik Nordstrom wrote:
> Robert Collins wrote:
>
>
> > Ident *may* work. You will need to guarantee that the ident request
> > appears to come from the origin server, not the proxy. This will need a
> > magic L7 switch, or some iptables/ipfilter style magic.
>
> iptables/netfilter cannot yet do this easily. There is only support for
> intercepting connections, not making connections with foreign source IP
> addresses.
>
> There is a experimental netfilter patch floating around (should be in
> iptables patch-o-matic) which adds the capability to make connections
> with foreign IP addresses and a better framework for intercepting
> connections. However, Squid will need to be modified to make use of the
> new TCP/IP hooks provided to make use of this feature.
Yep.. thus 'magic' :]
Rob
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:14 MST