On Tue, 13 Dec 2011 16:20:57 +0200, Eliezer Croitoru wrote:
why dont you use the interception\transparent mode instead of TPROXY?
for your setup it seems just the perfect idea.
i'm using a range setup like this:
-A PREROUTING -p tcp -m tcp -m iprange ! -d 192.168.0.0/16 -i eth1
--dport 80 -j REDIRECT --to-ports 3128 --src-range
192.168.0.0-192.168.0.190
with
http_port 192.168.0.1:3128 intercept
and it works like a charm.
FYI: this is his config although using the deprecated "transparent"
flag instead of "intercept". And TPROXY is the better one to use than
NAT, albeit more complicated.
The main problem now seems to be his hang-up on the idea that
"configuration of browsers" means manually visiting each client.
Ignoring the fact that every mention so far has been about using WPAD
for automated configuration of unlimited numbers of clients with a
one-off action.
Amos
