RE: Transparent proxying woes (IOS 11.1(12) on a 4500)

| -----Original Message-----
| From: Ahsan Khan [mailto:ahsank@one.net.pk]
| Sent: Tuesday, June 13, 2000 7:31 PM
| To: Chris Tilbury; squid-users@ircache.net
| Subject: Re: Transparent proxying woes (IOS 11.1(12) on a 4500)
|
|
| Then the best way is that do not disturb your Cisco
| access-group . What
| best for you is then that make your Linux Machine gateway for
| users and use
| ipchains for traffic redirection . It will be much better and your network
| structure will not disturb.

Having to change the default gateway on approximately 4,500 machines far
more disruptive than fixing a broken access-group. There are other networks
on that router, as it turns out, and whilst we're stopping ourselves from
being attacked using addresses spoofed to appear as us, we're not stopping
those other networks from being attacked with addresses spoofed to appear as
us.

We've already got ipfilter loaded on the box (which is a Sun), needed for
the NAT setup to make this work.

Cheers,

Chris

--
Chris Tilbury, IT Services, University of Warwick, Coventry, UK
PHONE: 024 7652 3365 / FAX: 024 7652 2367 / MAIL:
Chris.Tilbury@warwick.ac.uk