On Mon, 31 Mar 2003, c0g wrote:
> Just now I realized that connections forwarded to squid will make squid initiate connections to the outside world... with its own source IP... :-P
> But maybe there is a solution to my traffic shaping problem? Maybe zorp and/or netfilter can do some magic to translate these connections? Or maybe Zorp has http-cache, so I don't need squid?
Hi,

Zorp does not have built-in http-cache functionality. What you can do is the following: have your squid in your intranet, and the clients connect to it. The zorp accepts connections only from the squid. When the squid requests a URL from the zorp, it puts an X-Forwarded-For: header in the request. With some tricks Zorp can do an SNAT based on that header. So you can cache the connection, and the connections will look as if they come from the original client.

Of course in this way you have to trust the squid, which might be a security risk, and you should also do some kind of verification on the header value. In this way you are not transparent to the clients, because you have to set the squid as a parent-proxy.

I am just thinking about a solution to make zorp+squid absolutely transparent to the clients and to the servers.

Hope it helps you,
Marci
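
Added example, not part of the message above and not Zorp's own code: one way to do the header verification mentioned there before the value is used for SNAT. The proxy address, client network and function name are assumptions, and it assumes the squid appends the address it saw as the last X-Forwarded-For entry.

```python
import ipaddress

# Assumed values for illustration: the squid's address and the intranet range.
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.10")}
CLIENT_NETS = [ipaddress.ip_network("192.168.0.0/16")]


def snat_source_from_xff(peer_ip, xff_values):
    """Return the client address to SNAT to, or None to refuse the rewrite.

    peer_ip    -- address the TCP connection actually came from
    xff_values -- raw X-Forwarded-For header values, in request order
    (hypothetical helper; how it is wired into the proxy is not shown)
    """
    # Only the squid may assert a client address at all.
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    if peer not in TRUSTED_PROXIES:
        return None

    # The header may repeat and each value may be a comma-separated list.
    hops = [h.strip() for value in xff_values for h in value.split(",")]
    if not hops:
        return None

    # Entries left of the last one were supplied by the client and are
    # attacker-controlled; only the entry the squid appended is considered.
    try:
        addr = ipaddress.ip_address(hops[-1])
    except ValueError:
        return None  # e.g. "unknown", a hostname, or an address with a port

    # Never SNAT to an address outside the client range or to the proxy itself.
    if not any(addr in net for net in CLIENT_NETS):
        return None
    if addr in TRUSTED_PROXIES:
        return None
    return str(addr)
```

A `None` result means the connection should keep the proxy's own source address or be rejected, depending on policy.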