1) you setup a *nix box to run squid, irrespective of what your proxy clients are
running.
Do you have an aversion to running anything other than MS products?
2) GRE is used by the router to "transparently" proxy http requests. It is the
protocol used to talk with Squid and I am pretty
sure it is required to implement this feature. Probably easiest to do on Linux, but we
did do a lot of work and got it working on
Solaris 8 a while back just for fun.
3) NAT/PAT is easy enough to setup on IOS...
4) Lots of intelligent caching is going on at major ISP's and network providers, see
AKAMAI.
I agree that there are problems in an ISP environment with trying to proxy all traffic.
5) From what I hear the ISA "Comet" cache is supposed to be a major improvement over
Proxy 2.0 if a solution for the MS platform is
required.
----- Original Message -----
From: "mouss" <[EMAIL PROTECTED]>
To: "Carl E. Mankinen" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Monday, March 12, 2001 12:22 PM
Subject: RE: a simple question for transparent proxy
> At 01:55 12/03/01 -0500, Carl E. Mankinen wrote:
> >Have you looked at using SQUID and a GRE tunnel to a Cisco router?
> >I have used this for a transparent proxy in the past, but squid has issues
> >unfortunately.
>
> This doesn't help him if using an MS platform. He needs a modified IP stack
> anyway.
>
> As for NAT, it's not a problem if the proxy is modified to collaborate with
> NAT (for example,
> squid can work with ipnat).
>
> GRE is only needed if the proxy host is not in the data path. so it's
> generally used on Cisco
> routers to send traffic to proxies at ISP sites. Note that Cisco's WCCP is
> probably a better
> solution for that...
>
>
> While I am in, if an ISP requires that I go through a proxy to go to the
> internet, then I'd rather
> go for another ISP. There are problems using proxies:
> - they are not really transparent. Once I got a denial message by a site
> for the simple reason
> that some guy used a robot to download the whole site, and this guy came
> from the same proxy.
> (I don't agree with the site decision, but this is legitimate. so I don't
> like my ISP blocking me
> because of some other user practice)
> - they may have problems dealing with specific features. for example, an
> ISP may have installed
> a proxy that doesn't suport the last version of http (or the last features...).
> - the perf gain from caching depends on who goes where. If I don't go where
> everyone goes, then
> it just breaks my perfs.
> - transparent proxying requires the IP stack to correctly handle IP
> fragments. This is not obvious!
> (the obvious way is not good for perfs).
> - ....
>
> cheers,
> mouss
>
>
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
> >Sent: Monday, March 12, 2001 1:09 AM
> >To: [EMAIL PROTECTED]
> >Subject: Re: a simple question for transparent proxy
> >
> >
> >hello :
> > I understood now after I saw the document rfc 1919.
> > It's too difficult to implement transparent proxy in a unmodified
> >tcp/ip
> > stack ,example ms system.
> > I want to know new information for this document,and which product
> > support transparent proxy?
> > I thought if use nat , transparent should be unused.
> >
> >
> >
> >===============================================
> >ΪÄã¶ø½¨£¬ÎªÄã¶øÉ裬ÈÃÄã´«µÝÕæÐÄÕæÒâ
> >
> > ---- 163.netºØ¿¨Õ¾£¨http://ecard.163.net£©;
> >
> >163µç×ÓÓʾÖȫзîÏ×£¬¾«²ÊÎÞÏ޵ĵç×Ӻؿ¨Õ¾¡£
> >===============================================
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
> >
> >-
> >[To unsubscribe, send mail to [EMAIL PROTECTED] with
> >"unsubscribe firewalls" in the body of the message.]
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
