tproxy on firewall redirecting to squid located on different ip on same subnet
Hi Colleagues,

First I would like to thank you for the great Tproxy that you've made. The idea of marking the packets and not changing the IP header is brilliant!

I've read all the information about tproxy. The most useful pages were:
http://wiki.squid-cache.org/Features/Tproxy4
http://www1.shorewall.net/Shorewall_Squid_Usage.html#TPROXY

Still, there it is documented how to use tproxy when the Firewall (Gateway) and Squid are on the same machine.

In my case I have 2 different servers, for the Firewall (and Gateway) and Squid. The Firewall or Gateway doesn't permit any traffic to the external internet, and everyone who wants internet has to set up the proxy settings of the Squid server, which is in the same subnet.

My question is: is it possible to use TPROXY for redirecting such traffic to the Squid? If so, can you provide a useful example that I can apply in my case?

Thanks again and Best Regards
Ivan Boyadzhiev
In this case you need to use NAT. TPROXY redirection only works within the local kernel.
I've done something like this with policy routing (ip rule/ip route) on the firewall. I didn't check the performance, but you can find my complete example here: http://pmoghadam.com/blog/categories/Slackware/Squid%203.1.5.1%20-%20TPROXY%...

Search for "Linux Router / cache-redirect" to see the script that does the actual policy routing.

Regards
Pejman Moghadam

--- On Wed, 1/19/11, Ivan Boyadzhiev <ivancho.b@gmail.com> wrote:
From: Ivan Boyadzhiev <ivancho.b@gmail.com>
Subject: [tproxy] tproxy on firewall redirecting to squid located on different ip on same subnet
To: tproxy@lists.balabit.hu
Date: Wednesday, January 19, 2011, 5:33 PM
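The two-machine setup discussed in this thread, as an added example that is not from any poster and is not the script behind the link above: the firewall policy-routes port-80 flows to the Squid box without touching the IP header, and the TPROXY rules run on the Squid box itself, since TPROXY only works within the local kernel. Interface names, the MAC address, the IP address, the mark, the table number and the port are constructed placeholders; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example. Interface names, the MAC address and the IP are constructed placeholders.
LAN_IF="${LAN_IF:-eth1}"                    # firewall NIC facing clients and Squid
WAN_IF="${WAN_IF:-eth0}"                    # firewall NIC facing the internet
SQUID_IP="${SQUID_IP:-192.0.2.10}"          # Squid box, same subnet as the clients
SQUID_MAC="${SQUID_MAC:-02:00:00:00:00:10}" # Squid box NIC
MARK=1 TABLE=100 TPROXY_PORT=3129

# Print every command; execute it as well only when APPLY=1 (requires root).
run() { echo "$*"; if [ "${APPLY:-0}" = 1 ]; then "$@"; fi; }

# Run on the firewall: hand port-80 flows to the Squid box with unchanged IP headers.
firewall_rules() {
    # Client -> server. Squid's own fetches carry the client's source IP under
    # TPROXY, so they are exempted by source MAC, not by source address.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
        -m mac ! --mac-source "$SQUID_MAC" -j MARK --set-mark "$MARK"
    # Server -> client replies are addressed to the client but belong to Squid.
    run iptables -t mangle -A PREROUTING -i "$WAN_IF" -p tcp --sport 80 \
        -j MARK --set-mark "$MARK"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add default via "$SQUID_IP" dev "$LAN_IF" table "$TABLE"
    # Marked packets leave through the LAN interface: allow that in FORWARD and
    # stop the firewall from sending ICMP redirects for them.
    run iptables -A FORWARD -o "$LAN_IF" -m mark --mark "$MARK" -j ACCEPT
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$LAN_IF.send_redirects=0"
}

# Run on the Squid box: TPROXY acts here, in the kernel that owns the socket.
squid_rules() {
    run iptables -t mangle -N DIVERT
    run iptables -t mangle -A DIVERT -j MARK --set-mark "$MARK"
    run iptables -t mangle -A DIVERT -j ACCEPT
    run iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY \
        --tproxy-mark "$MARK" --on-port "$TPROXY_PORT"
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"
}

case "${1:-}" in
    firewall) firewall_rules ;;
    squid)    squid_rules ;;
esac
```

Squid needs a matching `http_port 3129 tproxy` line for the port used here. The firewall sees only one direction of each intercepted client connection, so its stateful rules must not require both directions for marked packets.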
Participants (3): Balazs Scheidler, Ivan Boyadzhiev, Pejman Moghadam