Hi Guy and everyone,
guy keren wrote:
> maybe you should start thinking then ;) . if a "regular router" = cisco -
> then, yes, it can do that, and much more (depending on the version of its
> IOS).
Maybe, but not as explained in your email.
>
>
> this will done done with no address translation on the router - it just is
> told that the 'next hop' towards the target address,
The "target address" is the entire internet. You are referring to the default
route?
> is the proxy machine.
> that proxy machine then needs to understand (via normal routing rules)
> that any packet it received, targeted for port 80 and an IP that does not
> belogn to the local machine, should be injected into the proxy server's
> module. that doesn't _have_ to be implemented using NAT (althoguht it
> _might_ be done this way if it simplifies stuff).
Yes, I agree. I have no problem with inplementing NAT on the proxy machine,
BUT...
>
>
> guy
>
You will find that your solution forwards ALL outbound packets to the proxy
machine. Not just those aimed at port 80. You are then left with my original
problem - I don't want to penalise the entire office traffic with an extra hop
(actually - extra two hops and a routing loop in your solution), just because
I want to implement a transperant proxy. A much simpler solution for me is to
block all communication to port 80 outbound, and force everyone to manually
configure the proxy or they don't get web access.
Shachar
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
