On 09-01-2014 08:13, Romain FABBRI - Alien Consulting wrote:
> > In this topology:
> > Computers <=> Switch <=> Webfiltering bridge <=> Router <=> Internet
> >
> > Without a bridge, a system with 2 network cards won't let:
> > - data from the Computers go to the Router.
> > - data from the Router go to the Computers

It will, that is what NAT was created for, and OpenBSD with pf does it handsomely. They won't operate as if they were on the same network though (broadcast). Which is a security feature, from my point of view.

> > How do you make it work without a bridge???
> > - Maybe you're talking about a single network interface system with just a proxy function on it
> >   o But no real security would be added in this topology, since you can bypass the proxy
> > - There could be a way to activate packet forwarding, but as far as I know forwarding requires 2 networks

If you use your OpenBSD box as the gateway, not as a transparent bridge, not only will you be able to achieve transparent interception with squid, but you'll also have all the other nice features that come along with it. I believe that a transparent bridge could work, with an extra effort, but I would need to rig me a setup to test it. But if you have control over the router, I strongly suggest using 2 NICs, and the OpenBSD machine as your network gateway.

Cheers,
-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
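For readers following the thread, here is what the two-NIC gateway setup Giancarlo recommends looks like in pf terms. This is an added example, not configuration posted by anyone in the thread: it assumes OpenBSD's post-4.7 pf syntax, that the external interface is em0 and the LAN interface em1, and that Squid on the gateway listens on port 3129 in intercept mode (all three are assumptions; adjust them to the real system).

```pf
# /etc/pf.conf (added example, not from the thread): OpenBSD box with two NICs
# acting as the LAN's default gateway, NATing outbound traffic and steering
# plain HTTP through a local Squid in intercept mode.
# Interface names and the Squid port below are assumed; adjust to your system.
# Also required, outside this file:
#   /etc/sysctl.conf:  net.inet.ip.forwarding=1
#   squid.conf:        http_port 3129 intercept
ext_if = "em0"        # towards the router / Internet (assumed)
int_if = "em1"        # towards the switch / LAN (assumed)
squid_port = "3129"   # assumed Squid intercept listener on the gateway itself

set skip on lo

# Default deny, logging what is dropped so traffic trying other ports is visible.
block log all

# NAT: everything from the LAN leaving on the external interface gets the
# gateway's external address. The LAN and router side stay separate subnets,
# so broadcasts do not cross (the "security feature" mentioned above).
match out on $ext_if inet from $int_if:network nat-to ($ext_if)

# Transparent interception: LAN-originated HTTP is redirected to the local
# Squid. Since the gateway is the LAN's only path out, clients cannot route
# around the proxy the way they could with a single-NIC proxy host.
pass in quick on $int_if inet proto tcp from $int_if:network to any port 80 \
    rdr-to 127.0.0.1 port $squid_port

# Remaining LAN traffic is allowed out; tighten this to the services you need.
pass in on $int_if inet from $int_if:network to any

# Traffic the gateway itself originates, including Squid's upstream fetches.
pass out on $ext_if inet keep state
```

Load it with `pfctl -f /etc/pf.conf` after enabling forwarding. Note that only plain HTTP (port 80) is intercepted here, matching the squid interception discussed in the thread; port 443 passes through the gateway NATed but uninspected, and `block log all` with `pflog` gives you a record of anything the rules reject.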

