[tproxy] tproxy on firewall redirecting to squid located on different ip on same subnet

Sun Jan 23 06:21:28 CET 2011

I've done something like this with policy routing (ip rule/ip route) on firewall. i didn't check the performance, but you can find my complete example here :
http://pmoghadam.com/blog/categories/Slackware/Squid%203.1.5.1%20-%20TPROXY%20-%20Linux%20Router.txt
search for "Linux Router / cache-redirect" to see the script that do actual policy routing.

Regards
Pejman Moghadam

--- On Wed, 1/19/11, Ivan Boyadzhiev <ivancho.b at gmail.com> wrote:

From: Ivan Boyadzhiev <ivancho.b at gmail.com>
Subject: [tproxy] tproxy on firewall redirecting to squid located on different ip on same subnet
To: tproxy at lists.balabit.hu
Date: Wednesday, January 19, 2011, 5:33 PM

Hi Colleagues,
First I would like to thank you for the great Tproxy that you've made. The idea of marking the packets and no changing of ip header is brilliant!
I've read all information about tproxy. The most useful pages were:

http://wiki.squid-cache.org/Features/Tproxy4
http://www1.shorewall.net/Shorewall_Squid_Usage.html#TPROXY

still there is documented how to use tproxy when the Firewall (Gateway) and Squid are on the same machine.

In my case I do have 2 different servers, for Firewall (and Gateway) and Squid. The Firewall or Gateway doesn't permit any traffic to external internet. And everyone who wants internet has to setup proxy setting of the Squid server, which is in same subnet.

My question is: is it possible to use TPROXY for redirecting such traffic to the squid. If so, can you provide some useful example that I can apply in my case. 

Thanks again and Best Regards
Ivan Boyadzhiev

-----Inline Attachment Follows-----

_______________________________________________
tproxy mailing list
tproxy at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/tproxy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20110122/284cbea5/attachment.htm 