RE: a simple question for transparent proxy

Mon, 12 Mar 2001 09:07:26 -0800 

At 01:55 12/03/01 -0500, Carl E. Mankinen wrote:
>Have you looked at using SQUID and a GRE tunnel to a Cisco router?
>I have used this for a transparent proxy in the past, but squid has issues
>unfortunately.

This doesn't help him if using an MS platform. He needs a modified IP stack 
anyway.

As for NAT, it's not a problem if the proxy is modified to collaborate with 
NAT (for example,
squid can work with ipnat).

GRE is only needed if the proxy host is not in the data path. so it's 
generally used on Cisco
routers to send traffic to proxies at ISP sites. Note that Cisco's WCCP is 
probably a better
solution for that...


While I am in, if an ISP requires that I go through a proxy to go to the 
internet, then I'd rather
go for another ISP. There are problems using proxies:
- they are not really transparent. Once I got a denial message by a site 
for the simple reason
that some guy used a robot to download the whole site, and this guy came 
from the same proxy.
(I don't agree with the site decision, but this is legitimate. so I don't 
like my ISP blocking me
because of some other user practice)
- they may have problems dealing with specific features. for example, an 
ISP may have installed
a proxy that doesn't suport the last version of http (or the last features...).
- the perf gain from caching depends on who goes where. If I don't go where 
everyone goes, then
it just breaks my perfs.
- transparent proxying requires the IP stack to correctly handle IP 
fragments. This is not obvious!
(the obvious way is not good for perfs).
- ....

cheers,
mouss


>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
>Sent: Monday, March 12, 2001 1:09 AM
>To: [EMAIL PROTECTED]
>Subject: Re: a simple question for transparent proxy
>
>
>hello :
>       I understood now after I saw the document rfc 1919.
>       It's too difficult to implement transparent proxy in a unmodified
>tcp/ip
>       stack ,example ms system.
>       I want to know  new information for this document,and which product
>       support transparent proxy?
>       I thought if use nat , transparent should be unused.
>
>
>
>===============================================
>ΪÄã¶ø½¨£¬ÎªÄã¶øÉ裬ÈÃÄã´«µÝÕæÐÄÕæÒâ
>
>     ---- 163.netºØ¿¨Õ¾£¨http://ecard.163.net£©;
>
>163µç×ÓÓʾÖȫзîÏ×£¬¾«²ÊÎÞÏ޵ĵç×Ӻؿ¨Õ¾¡£
>===============================================
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to