[tproxy] TPROXY and network layout
Nataniel Klug
nata at cnett.com.br
Thu Jun 26 15:09:54 CEST 2008
Hello my friends,
I have a new question about TPROXY. I have not put the tproxy+squid
cache into work yet becouse I have this question. Lets talk about my
layout plan:
[router]0<<>>0[linux.qos]1<<>>0[linux.tproxy.cache]1<<>>X[clients]
So, about ip and routes:
[router]0
IP: 200.xxx.208.1
Netmask: 255.255.255.252
route add -net 200.xxx.208.4/32 gw 200.xxx.208.2
0[linux.qos]
IP: 200.xxx.208.2
Netmask: 255.255.255.252
GW: 200.xxx.208.1
[linux.qos]1
IP: 172.16.0.1
Netmask: 255.255.255.252
route add -net 200.xxx.208.4/32 gw 172.16.0.2
0[linux.tproxy.cache]
IP: 172.16.0.2
Netmask: 255.255.255.252
GW: 172.16.0.1
[linux.tproxy.cache]1
IP: 200.xxx.208.5
Netmask: 255.255.255.252
X[clients]
IP: 200.xxx.208.6
Netmask: 255.255.255.252
GW: 200.xxx.208.5
Using this layout I can provide full access to the client listed. If
I use an iptables rule and squid in transparent mode (not tproxy) it is
cached normal. My question is:
Using tproxy is that necessary that my cache server has an ip that
can be reached from the outside world or can it be only made a
masquerade into server QOS?
--
Att,
NATANIEL KLUG
nata at cnett.com.br
LEIA O DIA-A-DIA DO NATA
http://nataklug.blogspot.com/
Cyber Nett - Internet Banda Larga
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290
"... também os sábios possuem coração tangível e podem, por vezes, usar da ciência como meio de demonstrar impressões sentimentais de que muitos não os julgam suscetíveis."
Visconde de Taunay
More information about the tproxy
mailing list