On Wednesday 12 June 2002 01:03, Brian Godfrey wrote:

> I've been trying to set up a Transparent Proxy on a Transparent
> Bridge. I'm at the point where I can have Squid work w/o the
> bridging turned on or I can have the bridging work with no
> Squid. Alas, the two won't play nicely together.

Didn't have any problems last time I tried.. but you need to remember to load the bridge-netfilter module..

> I would really really really like to not put an IP address on this
> box because I don't want it remotely administered or easy to
> connect to. I don't mind hiking out to the closet it's gonna hide
> in.

You really really must have an IP address on it if you plan on running a proxy or pretty much anything else at the application layer there.

But you do not need to have any services listening on this IP address except what is minimally used by the proxy. For Squid this is 2 open ports, one TCP port where Squid can receive the requests, and one UDP port used by Squid for DNS lookups.

"netstat --inet -an" is your friend in verifying that the setup is done correctly in stripping away unneeded services.

iptables is your friend in firewalling any services you find you need to be running.

> The real problem is getting Squid to do DNS lookups if it doesn't
> have the page in the cache. (should I even be trying?) Since the
> bridge has no IP addresses it has no method for connecting to the
> internet itself, but it happily forwards the packets from eth0
> though! Squid likes to do a DNS test when you fire it up, if it
> fails, your squid dies. (poor squid)

Compared to the TCP needed for Squid to actually fetch the page, DNS is trivial, but both sort out nicely once you give the bridge an IP address Squid can use.

Regards
Henrik Nordström
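The listener check recommended in the reply above, as an added example that is not part of the original message: it filters `netstat --inet -an` output down to sockets that accept traffic and reports any that are not on an allowlist. The allowlist ports (3128/tcp and 32768/udp), the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Allowed listeners on the bridge's IP address (assumed values): the TCP port
# where Squid receives requests and the UDP port Squid uses for DNS lookups.
ALLOWED="tcp:3128 udp:32768"

# Constructed sample of `netstat --inet -an` output (not from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:3128            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:3128         192.0.2.77:41822        ESTABLISHED
udp        0      0 0.0.0.0:32768           0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
EOF
}

# Reads netstat output on stdin and prints "proto:port" for every listening
# TCP socket or unconnected UDP socket that is missing from the allowlist ($1).
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "tcp" && $6 != "LISTEN"    { next }   # established TCP, not a listener
        $1 == "udp" && $5 != "0.0.0.0:*" { next }   # connected UDP socket
        $1 == "tcp" || $1 == "udp" {
            port = $4; sub(/.*:/, "", port)         # drop the address, keep the port
            key = $1 ":" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# On the bridge itself: netstat --inet -an | unexpected_listeners "$ALLOWED"
sample_netstat | unexpected_listeners "$ALLOWED"
```

Each reported entry is a service to stop or, if it has to keep running, to firewall with iptables.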
