Re[4]: [squid-users] Non-transparent port works, transparent doesn't

From: zozo zozo <flam4_at_mail.ru>
Date: Wed, 19 Oct 2011 14:10:11 +0400

> > I.e. I can't put my transparent proxy on the Internet, I need it to be in
> > the same IP space as my network interface?
>
> You can put it anywhere you like. There are only two requirements:
>
> 1) NAT happens on the same OS.
> So Squid can have direct access to the NAT data to undo the
> destination IP erasure.
>
> 2) Squid needs access to the same DNS as the clients.
> To verify the packet's destination IP matches the HTTP requested
> domain.

But I can't redirect to outer networks using policy routing, only to gateways I have direct access to, i.e. not the Internet.
I have a rented Linux machine out there on the Internet; to route packets there I'd need access to all the ISPs' gateways.
NAT seems to be my only option to send packets there.

And can I trick Squid by putting the same iptables rules on that machine?
Or by another NAT, like one machine NATs to port 3129, and on the Squid machine it NATs to 3128?
Received on Wed Oct 19 2011 - 10:10:29 MDT
