On Mon, 2004-07-19 at 17:14, Joshua N Pritikin wrote: > The typical way to set up a transparent http proxy is to put it on a > separate machine near the ISP connection. With LTSP, all the clients > are actually running browsers on the LTSP server. Can I run the LTSP > server and transparent proxy on the same machine? > > A quick glance through iptables doc suggests that it might be possible > because the OUTPUT chain can match packets based on the owner uid > (proxy). I mention this because only the proxy should be allowed to > connect through port 80. All other processes should get REDIRECT'd to > 8080. > > Has anyone gotten this working already?
Yes, I did this one before. Look into the 'uid match' support in iptables. As you have already figured out, the basic idea is that you match on root and squid, and allow them out, then redirect everybody else. Andrew Bartlett
signature.asc
Description: This is a digitally signed message part
