Re: Redirect to same LAN and preserve source IP

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Saad Faruque <faruque@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: Redirect to same LAN and preserve source IP
Date: Mon, 19 Jul 2004 12:09:34 +0600	[thread overview]
Message-ID: <1d7da3f404071823097f8d3503@mail.gmail.com> (raw)
In-Reply-To: <200407131000.46777.Antony@Soft-Solutions.co.uk>

http://en.tldp.org/HOWTO/TransparentProxy-6.html
did u go through it ? if not should help i think.

On Tue, 13 Jul 2004 10:00:46 +0100, Antony Stone
<antony@soft-solutions.co.uk> wrote:
> 
> 
> On Tuesday 13 July 2004 9:50 am, Gavin Hamill wrote:
> 
> > On Monday 12 July 2004 16:31, Antony Stone wrote:
> > > How about *configuring* the clients so they use the proxy "properly"
> > > instead of doing transparent redirection?   Then you can keep the Squid
> > > box on the same subnet as the clients, and still block people trying to
> > > do TCP port 80 straight through the firewall (only one source IP is
> > > allowed - the Squid box).
> >
> > The reason has been the desire to not have to ferry around dozens of
> > machines configuring proxy settings, really. I'll certainly give the
> > seperate-subnet idea some thought :)
> 
> Have you investigated proxy auto-configuration?   Take a look at the Squid
> documentation and you will learn how most browsers can be pointed at a .pac
> file (possibly by being redirected by your firewall to a trivial webserver
> running somewhere if they try to go direct - doesn't have to be the proxy
> itself), and this will configure the proxy settings without a techie having
> to go near the keyboard....
> 
> Regards,
> 
> Antony.
> 
> --
> The idea that Bill Gates appeared like a knight in shining armour to lead all
> customers out of a mire of technological chaos neatly ignores the fact that
> it was he who, by peddling second-rate technology, led them into it in the
> first place.
> 
>  - Douglas Adams in The Guardian, 25th August 1995
> 
> 
> 
>                                                      Please reply to the list;
>                                                            please don't CC me.
> 
>

     prev parent reply	other threads:[~2004-07-19  6:09 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-07-12 13:19 Redirect to same LAN and preserve source IP Gavin Hamill
2004-07-12 13:38 ` Antony Stone
2004-07-12 15:12   ` Gavin Hamill
2004-07-12 15:31     ` Antony Stone
2004-07-13  8:50       ` Gavin Hamill
2004-07-13  9:00         ` Antony Stone
2004-07-19  6:09           ` Saad Faruque [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1d7da3f404071823097f8d3503@mail.gmail.com \
    --to=faruque@gmail.com \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox