On 19/10/11 23:10, zozo zozo wrote:
I.e. I can't put my transparent proxy to internet, I need it to be in
same IP space as my network interface?

  You can put it anywhere you like. There are only two requirements:

   1) NAT happens on the same OS.
      So Squid can have direct access to the NAT data to undo the
  destination IP erasure.

   2) Squid needs access to the same DNS as the clients.
      To verify the packet's destination IP matches the HTTP requested
  domain.

But I can't redirect to outer networks using policy routing, only to gateways I 
have direct access to. I.e. not Internet.
I have a rented Linux machine out there in the Internet, to route packets there 
I'd need access to all ISP's gateways.
NAT seems to be my only option to send packets there.

Or a tunnel between the boxes. The tunnel wrapper IP can go through the NAT process without losing the original packet IP.


And can I trick squid by putting same iptables rules to that machine?
Or by another NAT, like one machine NATs to port 3129, and on squid machine it 
NATs to 3128?

iptables would have as much trouble reversing the NAT on a different machine as Squid would.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.16
  Beta testers wanted for 3.2.0.13
