Hi. Thanks. The initial idea is to make (3) work as a gateway too.
Thus, (3) can pass all protocols except 80 to WWW. Then, users may get DNS address for WWW After then, when http requests occur, my proxy will hook all packets. Is my idea weird? Can a reverse apache help for my configuration? On Thu, Jul 23, 2009 at 5:27 AM, André Warnier<a...@ice-sa.com> wrote: > Brian Kim wrote: >> >> Hi all. >> >> The basic configuration is as follows >> >> (1) (2) (3) (4) >> Users -------- switch -------- (eth2 ------ eth0) ------ WWW >> >> >> Users located in (1) will access WWW via http Apache server in (3). >> >> For non-transparent proxy, every user across the proxy has to set up >> proxy configuration >> >> by putting proxy IP address. Again, I just want to make users access >> WWW without the setup. >> >> In other words, (3) proxy should be transparent. >> > > I think there might be a flaw in your thinking above. > Most probably, the real setup is not *only* what you indicate above. > In reality, it is like this : > >> (1) (2) (3) (4) >> Users -------- switch -------- (eth2 ------ eth0) ------ WWW > | > (router) > | > WWW > > In other words, when the user enters "http://www.google.com"; in the URL bar > of his browser, what happens is : > > - the browser does a DNS lookup for "www.google.com", and obtains an IP > address. Say this is : 74.125.39.99 (just guessing). > > - then the browser sets up a TCP connection with the IP address > 74.125.39.99, port 80, and sends a HTTP request like : > GET / HTTP/1.1 > Host: www.google.com > > on that connection > > - most likely, this TCP connection goes through (router), not through > (eth2--eth0). That is because the users workstations probably have > "(router)" set up as their default gateway (at the TCP network setup level, > not at the browser level). > > If you do not "tell" these browsers that for HTTP connections, they have to > use "(eth2--eth0)" as a "proxy", then how are they going to know any > different ? > > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org " from the digest: users-digest-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
