Henrik Nordstrom wrote:

On Thu, 26 May 2005, Matus UHLAR - fantomas wrote:

I'm afraid there's nothing like reverse intercepting proxy although it's
possible to do it. Maybe some hardware proxying solutions...


There is the TPROXY patch for Linux.

Another option is tcp_outgoing_address combined with NAT outside the proxy. Set up one private tcp_outgoing_address per client IP and then NAT these to the real client IP before the traffic leaves your network.

[So is patching with the tproxy patch one of the options or both combined with the tcp_outgoing_address?]



Both has very strict requirements on your networking setup as all return traffic must go via the proxy even if the destination IP is the client IP.

[You are right all traffic passes through the proxy.Is it okay if I do the NATING on the same box as squid or some other box has tobe setup? You will excuse me for insisting I can't stop usind squid just beacuse of some sites blocking my squid box next time I rather they block a particular host or network.Please advise.
Thanks
Ronny]



Regards
Henrik



--
***************************************************************************
 / ''We can't become what we need to be by remaining what we are''\
 \ ,,                                                           ,,/
***************************************************************************


Reply via email to