Chris,

It should show the originating IP in this case. I would need to go back and look at that to be sure.

David


At 09:50 AM 8/24/2006, Chris Green wrote:
Interesting way to do that. On the plus side this could potentially allow the squid to see the originating IP, correct? I will have to rig up a lab to give this a shot. Anyone ever tried loading GB-Ware in a vmware? ;)

Chris Green


David Brooks wrote:
Chris,

Simple answer is no, not with the transparent proxy.

Ok, I have not tried this with a Squid proxy. So saying this, you can give the following a try.

The objective is to transparently redirect all http packets to another gateway.

Set up Policy based routing with the gateway being the Squid.

Gateway Failover
  Enabled: no
  Ping if Primary Down: no
  Notification: yes
Gateway Sharing
  Enabled: no
Policy Based Routing
  Enabled: yes
Source Routing
  Enabled: no
Gateways
  Index  Name   Route       Sharing  Failover
  1      Squid  172.16.1.1  No       No


Then an Outbound Policy

Description: Accept - Send All http request to Sea Monster
Type: Accept
Priority: notice
Interface: PROTECTED
Service: <HTTP>
  from <ANY_IP>
      to <ANY_IP>

Advanced  - Route: <Squid>

This would redirect all http packets to the squid proxy.

Ok, Good luck on Squid - it has to probably accept the packets and NAT them and send them back out.

You may need to set up a separate outbound policy for Squid IP to not be directed back to itself or a loop on the firewall.

Ok, like I said before, I have never done this before. However, the firewall has the ability to re-direct using the Policy based routing. Once packets are redirected it is the Sea Monster's responsibility to handle them.

FYI - I used only http; you could create groups of service groups to be used.

David



At 09:20 AM 8/24/2006, Chris Green wrote:
Is it possible through the use of transparent proxying to force all traffic through another box running Squid or similar?

Chris Green

------------------------------------------------------
To unsubscribe:           [EMAIL PROTECTED]
For additional commands:         [EMAIL PROTECTED]
Archive:  http://archives.gnatbox.com/gb-users/