On Tue, 13 Dec 2011 16:20:57 +0200, Eliezer Croitoru wrote:
> why dont you use the interception\transparent mode instead of TPROXY?
> for your setup it seems just the perfect idea.
> i'm using a range setup like this:
> -A PREROUTING -p tcp -m tcp -m iprange ! -d 192.168.0.0/16 -i eth1
> --dport 80 -j REDIRECT --to-ports 3128 --src-range
> 192.168.0.0-192.168.0.190
>
> with
> http_port 192.168.0.1:3128 intercept
>
> and it works like a charm.
FYI: this is his config although using the deprecated "transparent"
flag instead of "intercept". And TPROXY is the better one to use than
NAT, albeit more complicated.
The main problem now seems to be his hang-up on the idea that
"configuration of browsers" means manually visiting each client.
Ignoring the fact that every mention so far has been about using WPAD
for automated configuration of unlimited numbers of clients with a
one-off action.
Amos
Received on Tue Dec 13 2011 - 22:32:10 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 14 2011 - 12:00:03 MST