Re: [squid-users] about squid with ident

From: Robert Collins <robertc@dont-contact.us>
Date: 08 Nov 2002 20:09:53 +1100

On Fri, 2002-11-08 at 19:11, Henrik Nordstrom wrote:
> Robert Collins wrote:
>
>
> > Ident *may* work. You will need to guarantee that the ident request
> > appears to come from the origin server, not the proxy. This will need a
> > magic L7 switch, or some iptables/ipfilter style magic.
>
> iptables/netfilter cannot yet do this easily. There is only support for
> intercepting connections, not making connections with foreign source IP
> addresses.
>
> There is a experimental netfilter patch floating around (should be in
> iptables patch-o-matic) which adds the capability to make connections
> with foreign IP addresses and a better framework for intercepting
> connections. However, Squid will need to be modified to make use of the
> new TCP/IP hooks provided to make use of this feature.

Yep.. thus 'magic' :]

Rob

Received on Fri Nov 08 2002 - 02:09:56 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:14 MST