On Wed, 14 Jan 2004, Richard Doyle wrote: > On Wed, 2004-01-14 at 13:01, Tom Eastep wrote: > > On Wednesday 14 January 2004 12:47 pm, Richard Doyle wrote: > > guess there isn't such a system... > > > > > > > > Tim Massey > > > > > > Transparent proxying is implemented by configuring iptables/netfilter to > > > redirect packets to the squid server. The Squid logs will show that all > > > requests come from the netfilter box. > > > > > > In other words you can have transparent proxying or detailed monitoring, > > > but not both. > > > > Not so -- you can use policy routing to redirect the requests to the Squid > > server; that preserves the original source IP address. See > > http://www.shorewall.net/Shorewall_Squid_Usage.html > > > > -Tom > > Ah yes, I'd forgotten about using policy routing for redirection. Does > this provide the information required by the original poster, including > the full URL of the request?
No, policy routing pays no attention to URLs. It works through tcp/ip information, such as ip numbers and protocol numbers. Fortunately, the transmitted header of the http request normally does include the URL of the request, and the Squid instance receiving the connection is designed to interpret that header. I would suggest that the Squid instance be installed on a computer that is not the router (presumably one in the private network)... this will eliminate the concern for squid compatibility with the router software and hardware (hard disk). The policy routing would have to include a special provision for the squid computer to make http connections to avoid a communication loop. Perhaps those with more interest might find http://en.tldp.org/HOWTO/TransparentProxy.html worth reading? --------------------------------------------------------------------------- Jeff Newmiller The ..... ..... Go Live... DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... Live: OO#.. Dead: OO#.. Playing Research Engineer (Solar/Batteries O.O#. #.O#. with /Software/Embedded Controllers) .OO#. .OO#. rocks...2k --------------------------------------------------------------------------- ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
