Re: [squid-users] Which should I use? iptables tproxy or redirect?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 28 Aug 2009 13:18:35 +1200

MontyRee wrote:
> Hello, all.
>
>
> I want to set up two transparent firewalls.

As in two boxes? One box with two firewall softwares running on it?
Or _one_ firewall with control over both internal and external traffic?

PS. The words 'transparent' and 'firewall' are opposites. There is no
such thing.

 'transparent' - to be invisible.
 'firewall' - solid block preventing communication.

>
> One is for monitoring and dropping outbound HTTP traffic at the office.
> I'm planning to set up transparent Squid.
>
> The other is for monitoring inbound web hacking attempts, like SQL injection, in front of the web server.
> I'm planning to set up modsecurity or Apache proxy mode.

Apache proxy is not worth it. Squid can be a reverse-proxy and do that
much better.
http://wiki.squid-cache.org/ConfigExamples/Reverse/BasicAccelerator

>
> When I was searching the documentation about how to redirect HTTP traffic, there were two ways to implement it with iptables.
>
> One is using tproxy.
> The other is redirect.
>
> I don't know the difference between them.
>
> What's the difference between them?

The biggest difference: REDIRECT is NAT. TPROXY is not.

REDIRECT is destroying IP information during transit through the proxy.
It is better named 'interception'. 'transparency' does actually happen.

TPROXY is spoofing the outward IPs so that destination sites can see the
real client IP as the source, not the proxy. Real transparency of IP
addresses.

> And which function should I use?

Either.

Amos

-- 
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18
  Current Beta Squid 3.1.0.13
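
The two iptables approaches Amos contrasts above, shown side by side as an added configuration example (not from the original post or the Squid project). It assumes a Linux box with a TPROXY-capable kernel (2.6.28 or later) running Squid 3.1, and uses placeholders for the LAN interface (eth0), the LAN subnet (192.168.1.0/24) and the Squid interception port (3129); the squid.conf lines use the 3.1 option names.

```sh
# Added example: REDIRECT (NAT) versus TPROXY (no NAT) for intercepting
# outbound port-80 traffic into Squid. Placeholder values below.
LAN_IF=eth0
LAN_NET=192.168.1.0/24
SQUID_PORT=3129

# --- Option 1: REDIRECT (NAT interception) ------------------------------
# The kernel rewrites the destination of port-80 packets to the local
# Squid port. Squid recovers the original destination from conntrack;
# the origin server only ever sees the proxy's own IP as the client.
# Matching on -i $LAN_IF and -s $LAN_NET keeps Squid's own outbound
# connections from being captured again (a forwarding loop).
iptables -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 \
    -j REDIRECT --to-ports "$SQUID_PORT"
# squid.conf for this mode (Squid 3.1 syntax; 2.7/3.0 called it 'transparent'):
#   http_port 3129 intercept

# --- Option 2: TPROXY (no NAT) ------------------------------------------
# Packets are not rewritten. A socket lookup hands them to Squid's
# IP_TRANSPARENT listener, and Squid opens the outbound connection with
# the client's real IP as source, so the origin sees the client address.
iptables -t mangle -N DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
# Replies from origin servers that belong to an existing transparent socket
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
# New client connections to port 80
iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 \
    -j TPROXY --tproxy-mark 0x1/0x1 --on-port "$SQUID_PORT"
# Marked packets are delivered locally even though their destination
# address is not one of the proxy's own
ip rule add fwmark 1 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100
# squid.conf for this mode:
#   http_port 3129 tproxy
```

Use one option or the other for a given port, not both. The trade-off for monitoring is the one Amos describes: with REDIRECT the origin's logs attribute every request to the proxy, so client attribution has to come from Squid's own access.log; with TPROXY the origin sees the client's IP, which means the origin's replies are routed toward the client and must pass back through the proxy box (the `-m socket` rule and the fwmark route above catch them). If the return path bypasses the proxy, TPROXY connections hang.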
Received on Fri Aug 28 2009 - 01:18:42 MDT

This archive was generated by hypermail 2.2.0 : Fri Aug 28 2009 - 12:00:03 MDT