On Jun 22, 2004, at 9:02 AM, Matt Juszczak wrote:
> What are some of the other approaches (if you don't mind)? I can't really do a NAT, I'd really like to stay with a bridge and not do any routing.

Normally, something like Squid listens on a specific port and only proxies requests which are explicitly sent to it. If you set up Squid on a dual-homed machine acting as a firewall, you can configure all clients to use it without them being able to route traffic outside of the firewall themselves. In that case, Squid will talk to the outside world using the external interface, but talk to the clients using whatever local subnet IP addresses they have, without using NAT or anything else.


A more complex approach would be to put the network interface in promiscuous mode and use a divert socket to forward all normal web traffic (HTTP, 80/tcp) to the Squid proxy regardless. That has the advantage of not having to configure the clients to use a proxy, however. Anyway, I don't think setting this up is easier than using NAT, but perhaps you might find the concept useful....

--
-Chuck
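
A minimal squid.conf fragment for the dual-homed, explicitly configured proxy described in the message above, as an added example that is not part of the original post. All addresses are constructed placeholders: 10.0.0.1 is assumed to be the proxy's internal address, 192.0.2.10 its external address, and 10.0.0.0/24 the client subnet.

```conf
# Constructed example: every address below is a placeholder (assumption).

# Listen only on the internal interface, so the proxy port is not
# offered to hosts on the external side.
http_port 10.0.0.1:3128

# Send outbound requests from the external interface address.
tcp_outgoing_address 192.0.2.10

# Only clients on the local subnet may use the proxy.
acl localnet src 10.0.0.0/24
http_access allow localnet

# Refuse everyone else, so the box does not become an open proxy.
# "all" is built in on current Squid releases; older 2.x
# configurations define it with their own acl line.
http_access deny all
```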
