I've been trying to set up a Transparent Proxy on a Transparent Bridge.
I'm at the point where I can have Squid work w/o the bridging turned
on or I can have the bridging work with no Squid.  Alas, the two
won't play nicely together.

I'm using Redhat 7.3 (kernel 2.4.18), I have brctl loaded and compiled,
recompiled the kernel to enable Full NAT, Redirect, /proc, TCP/IP, sysctl,
IP masquerade and any other goodies that looked like I might need later on.
I also applied the brctl patch diff against 2.4.18 (not sure if I needed that).
I've turned off IP chains (who knows why it was defaulted on) permanently
and activated iptables.

I would really really really like to not put an IP address on this box because
I don't want it remotely administered or easy to connect to.  I don't mind
hiking out to the closet it's gonna hide in.  

My internet connection looks like this

 ---------------------------                       --------
| Wireless Radio Receiver   |--------------------| Router |------ Network
|  (Internet connection)    |          ^           --------
 ---------------------------           |
                                       |
I want to place the bridge/proxy here -|

On the bridge/proxy eth0 is facing the internal network and eth1 is facing the
wireless radio receiver.  The IP address is statically assigned by the ISP to the
router using its MAC address.  If worse comes to worse I can move the IP
address to the bridge and use a private network number between the bridge
and router.  However, in my dealings with this ISP, I've found them to be 
rather .... how should I put it.... not too good.  I know if I have them
allow the MAC address from the bridge's eth1 it won't be done correctly 
and will mess up the internet connection for a week (they blew up the mail 
server once and took them 2 weeks to fix...but that's another story). 
Besides that I don't like touching working routers and changing perfectly 
good settings.  I would just prefer sticking the box in and let it be.

The real problem is getting Squid to do DNS lookups if it doesn't have the
page in the cache.  (should I even be trying?)  Since the bridge has no IP
addresses it has no method for connecting to the internet itself, but it happily
forwards the packets from eth0 though!  Squid likes to do a DNS test
when you fire it up, if it fails, your squid dies. (poor squid)

So now that I've written a diatribe and managed to mangle the English 
language all at the same time...any ideas, suggestions or wet noodles to
be flogged with?

Brian J. Godfrey

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge