Willie Wong <[EMAIL PROTECTED]> writes:

> Two ways exist (AFAIK) of using squid:
> 1) Run it as a proxy server. In the Internet Options for your
> web browser, you point the proxy toward the proxy server. You submit
> a request, it gets relayed to the internet, the response comes back,
> squid passes it back to your computer.
>
> 2) Run it transparently on the _router_. This is the important part:
> on the router, you can force all traffic intended for HTTP traffic
> to go through squid. There are many howtos on the web detailing how
> this works, so I will not go into details and only say that it
> involves intercepting the traffic halfway with iptables and passing
> them to squid.
>
> Clearly, 1 cannot be forced: if you just unset the proxy setting from
> the web browser, your computer will connect to the internet directly.

In the different scenarios we've been discussing, though, I'm thinking
I've blocked internet access for several machines. If those machines
are then set to proxy thru a local LAN address (the gentoo box running
squid), they would be able to contact that address. As I understand
it, that is the only address they would see. And if the proxy were
turned off in software, they would then not be able to go to the
internet either, since that avenue is already blocked. So the browser
would stall and show no internet connection.

> 2 cannot be implemented in your case, since it requires that
> internet-bound traffic must pass through your gentoo box. If you try
> to forward all traffic from the router toward your gentoo box, you
> get an infinite loop since the gentoo box is behind the router.

I'm not sure what you mean here about the infinite loop. That's what
routers do: forward traffic to machines behind them.

What I'm thinking when I talk about setting the default route to the
gentoo box is that the router is also a switch.

I'm wondering if internet-bound packets can:

  o start on a win box behind the router
  o get to the router/switch
  o be switched to the gentoo box since it is the gateway listed
  o be sent back to the router by the gentoo box on its journey to INET.

Is that even possible without another subnet, NIC, etc.?

