Re: rewriting source and destination of local packets

2005-03-28 Thread martin f krafft
also sprach Phil Dyer [EMAIL PROTECTED] [2005.03.28.0041 +0200]: Martin, if/when you do find a solution, I hope you'll summarize to the list. I find this problem quite interesting... Certainly. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft

Re: rewriting source and destination of local packets

2005-03-28 Thread martin f krafft
also sprach David Mandelberg [EMAIL PROTECTED] [2005.03.27.1617 +0200]: What about allowing all connections with squid's acls and using iptables to limit it to localhost? This is certainly the other possibility, but it's one I do not like a lot, maybe for aesthetic reasons... -- Please do not

Re: rewriting source and destination of local packets

2005-03-28 Thread martin f krafft
also sprach Arnt Karlsen [EMAIL PROTECTED] [2005.03.27.0439 +0200]: ..a weird set of details from which I couldn't make out any kinda sense of your overall purpose, as in ok, you told me _how_ you wanna do it, but _what_ are you trying to do, and _why_?. [...] ..now we're talking. ;o)

Re: rewriting source and destination of local packets

2005-03-27 Thread Ross Goble
is it possible to rewrite both, source and destination socket in locally generated, outgoing packets, *before* a routing decision is made? ..now we're talking. ;o) Communication strategy: Try explain _what_ you're trying to do, and _why_, Martin's question has yet to be answered. I find his

Re: rewriting source and destination of local packets

2005-03-27 Thread Arnt Karlsen
On Sun, 27 Mar 2005 22:59:50 +0930, Ross wrote in message [EMAIL PROTECTED]: is it possible to rewrite both, source and destination socket in locally generated, outgoing packets, *before* a routing decision is made? ..now we're talking. ;o) Communication strategy: Try explain _what_

Re: rewriting source and destination of local packets

2005-03-27 Thread NN_il_Confusionario
On Sun, Mar 27, 2005 at 10:59:50PM +0930, Ross Goble wrote: Martin's question has yet to be answered. I find his question clear and concise. perhaps one could mark with iptables the local packets to be source natted and then source nat the marked packets with ip route -- Chi usa software non

Re: rewriting source and destination of local packets

2005-03-27 Thread Phil Dyer
NN_il_Confusionario wrote: perhaps one could mark with iptables the local packets to be source natted and then source nat the marked packets with ip route I don't think that iptables alone can do it. I'm thinking this is the road to look down,

Re: rewriting source and destination of local packets

2005-03-27 Thread Phil Dyer
Phil Dyer wrote: NN_il_Confusionario wrote: perhaps one could mark with iptables the local packets to be source natted and then source nat the marked packets with ip route I don't think that iptables alone can do it. I'm thinking this is the

Re: rewriting source and destination of local packets

2005-03-27 Thread Brian J Densmore
Phil Dyer wrote: Phil Dyer wrote: NN_il_Confusionario wrote: perhaps one could mark with iptables the local packets to be source natted and then source nat the marked packets with ip route I don't think that iptables alone can do it.

Re: rewriting source and destination of local packets

2005-03-26 Thread Arnt Karlsen
On Sat, 26 Mar 2005 16:29:43 +0100, martin wrote in message [EMAIL PROTECTED]: also sprach Arnt Karlsen [EMAIL PROTECTED] [2005.03.24.2014 +0100]: ..having re-read this thread all the way from your Message-ID: [EMAIL PROTECTED], I _lost_ you. ..is this some kinda paid research you're

Re: rewriting source and destination of local packets

2005-03-24 Thread Raúl Alexis Betancort Santana
On Wednesday, 23 March 2005 17:39, martin f krafft wrote: also sprach Dave Ewart [EMAIL PROTECTED] [2005.03.23.1709 +0100]: acl thishost 1.2.3.4/255.255.255.255 (or whatever its public IP is - I don't have the It's a dynamic IP. So short of script-editing squid.conf, iptables is

Re: rewriting source and destination of local packets

2005-03-24 Thread martin f krafft
also sprach Raúl Alexis Betancort Santana [EMAIL PROTECTED] [2005.03.24.0948 +0100]: Are you trying to do transparent proxy on a router/gateway with dynamic ip on the public interface? Is your client's ip also dynamic? local packets means: packets generated on the machine running squid

Re: rewriting source and destination of local packets

2005-03-24 Thread Arnt Karlsen
On Thu, 24 Mar 2005 11:26:44 +0100, martin wrote in message [EMAIL PROTECTED]: also sprach Raúl Alexis Betancort Santana [EMAIL PROTECTED] [2005.03.24.0948 +0100]: Are you trying to do transparent proxy on a router/gateway with dynamic ip on the public interface?, it's also your client's ip

rewriting source and destination of local packets

2005-03-23 Thread martin f krafft
I want to rewrite source and destination sockets of locally generated packets. Specifically, packets with the following pair 1.2.3.4:12345 -> 8.7.6.5:80 should be rewritten as 127.0.0.1:12345 -> 127.0.0.1:3128 Is it possible to achieve this with iptables? I can do the destination rewriting

Re: rewriting source and destination of local packets

2005-03-23 Thread David Schmitt
On Wednesday 23 March 2005 11:06, martin f krafft wrote: I want to rewrite source and destination sockets of locally generated packets. Specifically, packets with the following pair 1.2.3.4:12345 -> 8.7.6.5:80 should be rewritten as 127.0.0.1:12345 -> 127.0.0.1:3128 Is it possible to

Re: rewriting source and destination of local packets

2005-03-23 Thread Dave Ewart
On Wednesday, 23.03.2005 at 11:06 +0100, martin f krafft wrote: I want to rewrite source and destination sockets of locally generated packets. Specifically, packets with the following pair 1.2.3.4:12345 -> 8.7.6.5:80 should be rewritten as 127.0.0.1:12345 -> 127.0.0.1:3128 Is it

Re: rewriting source and destination of local packets

2005-03-23 Thread martin f krafft
also sprach David Schmitt [EMAIL PROTECTED] [2005.03.23.1222 +0100]: try to fwmark the packages when REDIRECTing and use the mark on POSTROUTING to SNAT too. As I said, POSTROUTING is too late. -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft

Re: rewriting source and destination of local packets

2005-03-23 Thread martin f krafft
also sprach Dave Ewart [EMAIL PROTECTED] [2005.03.23.1301 +0100]: Knowing your motivation might be useful ... why do you want to do this? Have squid transparently proxy connections made by the local machine... without having to configure every single HTTP client with proxy settings. -- Please

Re: rewriting source and destination of local packets

2005-03-23 Thread Igor Genibel
On Wednesday 23 March 2005 14:26, martin f krafft wrote: Hi all, Have squid transparently proxy connections made by the local machine... without having to configure every single HTTP client with proxy settings. Using firehol + transparent_proxy directive is completely transparent here for me

Re: rewriting source and destination of local packets

2005-03-23 Thread martin f krafft
also sprach Igor Genibel [EMAIL PROTECTED] [2005.03.23.1533 +0100]: Using firehol + transparent_proxy directive is completely transparent here for me (no need to change anything on clients) Does it also work for local connections on the squid machine itself? Try it: apt-get install

Re: rewriting source and destination of local packets

2005-03-23 Thread Dave Ewart
On Wednesday, 23.03.2005 at 14:26 +0100, martin f krafft wrote: also sprach Dave Ewart [EMAIL PROTECTED] [2005.03.23.1301 +0100]: Knowing your motivation might be useful ... why do you want to do this? Have squid transparently proxy connections made by the local machine... without having

Re: rewriting source and destination of local packets

2005-03-23 Thread Igor Genibel
On Wednesday 23 March 2005 15:56, martin f krafft wrote: also sprach Igor Genibel [EMAIL PROTECTED] [2005.03.23.1533 +0100]: Using firehol + transparent_proxy directive is completely transparent here for me (no need to change anything on clients) Does it also work for local connections on

Re: rewriting source and destination of local packets

2005-03-23 Thread martin f krafft
also sprach Igor Genibel [EMAIL PROTECTED] [2005.03.23.1615 +0100]: Yes, it doesn't work but I think it is quite normal for a normal use of a firewall/proxy where no user has to connect on and do http requests :) I surely do not need a whole other layer for firewall building to set up

Re: rewriting source and destination of local packets

2005-03-23 Thread martin f krafft
also sprach Dave Ewart [EMAIL PROTECTED] [2005.03.23.1602 +0100]: I don't quite understand why you want to change the *source* address too, in this situation. It seems like you are trying to SNAT the machine's interface IP address to 127.0.0.1? Why? So I can restrict squid to source IP 127.0.0.1,

Re: rewriting source and destination of local packets

2005-03-23 Thread martin f krafft
also sprach Dave Ewart [EMAIL PROTECTED] [2005.03.23.1709 +0100]: acl thishost 1.2.3.4/255.255.255.255 (or whatever its public IP is - I don't have the It's a dynamic IP. So short of script-editing squid.conf, iptables is the only way. -- Please do not send copies of list mail to me; I read

Re: rewriting source and destination of local packets

2005-03-23 Thread Dave Ewart
On Wednesday, 23.03.2005 at 18:39 +0100, martin f krafft wrote: also sprach Dave Ewart [EMAIL PROTECTED] [2005.03.23.1709 +0100]: acl thishost 1.2.3.4/255.255.255.255 (or whatever its public IP is - I don't have the It's a dynamic IP. So short of script-editing squid.conf, iptables is