[squid-users] Does it make sense to enable TPROXY for squid running on a gateway/firewall machine?

From: Xudong Guan <xudong.guan@dont-contact.us>
Date: Wed, 11 Apr 2007 18:23:05 +0100

Hello all,

First I would like to thank all the squid/tproxy developers for their
wonderful work.

I have one question about squid and tproxy. Given a typical LAN setup
sharing a single Internet connection through a NAT gateway/firewall,
with squid itself running on the gateway machine, working in
interception mode, does it make sense to use TPROXY? AFAIK, all the
traffic after the NAT firewall won't retain any client address anyway,
whether it appears to be from squid, or from the client.

                   ---------------
  http | NAT gateway | |--- client1
  server ----WAN---| firewall |---LAN---|--- client2
                   | with squid | |--- client3
                   | Linux 2.6.x |
                   ---------------

The current squid interception FAQ only provides tproxy configuration
example using a router and a separate squid machine.

Best regards,

Xudong Guan
Received on Wed Apr 11 2007 - 11:23:24 MDT

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT