RE: Transparent proxying woes (IOS 11.1(12) on a 4500)

From: Ahsan Khan <ahsank@dont-contact.us>
Date: Thu, 15 Jun 2000 16:45:00 -0500 (GMT+5)

Ok thats will be fine as you know your network better.

Ahsan Saleem Khan
Sr.System Admin
OneNet (InterNet Division)
Sun Communications Pvt. Ltd.
http://www.one.net.pk

On Wed, 14 Jun 2000, Chris Tilbury wrote:

>
> | -----Original Message-----
> | From: Ahsan Khan [mailto:ahsank@one.net.pk]
> | Sent: Tuesday, June 13, 2000 7:31 PM
> | To: Chris Tilbury; squid-users@ircache.net
> | Subject: Re: Transparent proxying woes (IOS 11.1(12) on a 4500)
> |
> |
> | Then the best way is that do not disturb your Cisco
> | access-group . What
> | best for you is then that make your Linux Machine gateway for
> | users and use
> | ipchains for traffic redirection . It will be much better and your network
> | structure will not disturb.
>
> Having to change the default gateway on approximately 4,500 machines far
> more disruptive than fixing a broken access-group. There are other networks
> on that router, as it turns out, and whilst we're stopping ourselves from
> being attacked using addresses spoofed to appear as us, we're not stopping
> those other networks from being attacked with addresses spoofed to appear as
> us.
>
> We've already got ipfilter loaded on the box (which is a Sun), needed for
> the NAT setup to make this work.
>
> Cheers,
>
>
>
>
>
> Chris
>
> --
> Chris Tilbury, IT Services, University of Warwick, Coventry, UK
> PHONE: 024 7652 3365 / FAX: 024 7652 2367 / MAIL:
> Chris.Tilbury@warwick.ac.uk
>
>
Received on Thu Jun 15 2000 - 05:40:34 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:02 MST