[tproxy] TPROXY + Arp Table

Jojy Varghese jojygv at yahoo.com
Fri Aug 17 20:04:08 CEST 2007


Thanks Bazsi. Does it mean that the patch wont work in a WCCP configuration? Because with WCCP, the proxy cannot be the router nor can it be inline with the router. Googling on this problem led me to this link :
http://wiki.squid-cache.org/ConfigExamples/FullyTransparentWithTPROXY.

I am unable to figure out how Squid in WCCP mode can work with the patch. What I am trying to do is something similar.

thanks again
Jojy



----- Original Message ----
From: Balazs Scheidler <bazsi at balabit.hu>
To: Jojy Varghese <jojygv at yahoo.com>
Cc: tproxy at lists.balabit.hu
Sent: Friday, August 17, 2007 12:14:13 AM
Subject: Re: [tproxy] TPROXY + Arp Table

On Thu, 2007-08-16 at 13:21 -0700, Jojy Varghese wrote:
> Thanks Bazsi. In a real life scenario, where my proxy server will be
> inside a firewall how can the proxy server make the routing decision?
> The trafic is always going to flow through the firewall/router and
> then come to the subnet having the proxy server.

In order for tproxy to work the traffic must flow through the tproxy
box. Either install the proxy on the firewall, or put it in-line with
the firewall. That's the only way to do it.

With Zorp you could script a different scenario, but I guess you are not
using Zorp as a firewall.

-- 
Bazsi








       
____________________________________________________________________________________
Got a little couch potato? 
Check out fun summer activities for kids.
http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20070817/150cabc8/attachment.htm 


More information about the tproxy mailing list