<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="generator" content="Osso Notes">
<title></title></head>
<body>
<p>In this case you need to use NAT. TPROXY redirection only works within the local kernel.
<br>
<br>----- Original message -----
<br>> Hi Colleagues,
<br>> First I would like to thank you for the great Tproxy that you've made.
<br>> The idea of marking the packets and no changing of ip header is
<br>> brilliant! I've read all information about tproxy. The most useful pages
<br>> were: <a href="http://wiki.squid-cache.org/Features/Tproxy4">http://wiki.squid-cache.org/Features/Tproxy4</a>
<br>> <a href="http://www1.shorewall.net/Shorewall_Squid_Usage.html#TPROXY">http://www1.shorewall.net/Shorewall_Squid_Usage.html#TPROXY</a>
<br>>
<br>> still there is documented how to use tproxy when the Firewall (Gateway)
<br>> and Squid are on the same machine.
<br>>
<br>> In my case I do have 2 different servers, for Firewall (and Gateway) and
<br>> Squid. The Firewall or Gateway doesn't permit any traffic to external
<br>> internet. And everyone who wants internet has to setup proxy setting of
<br>> the Squid server, which is in same subnet.
<br>>
<br>> My question is: is it possible to use TPROXY for redirecting such
<br>> traffic to the squid. If so, can you provide some useful example that I
<br>> can apply in my case.
<br>>
<br>> Thanks again and Best Regards
<br>> Ivan Boyadzhiev
<br><br></p>
</body>
</html>