> -----Original Message-----
> From: Stuart Henderson [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, December 21, 2006 9:40 AM
> To: Dominik Zalewski
> Cc: Peter N. M. Hansteen; misc@openbsd.org; pf@benzedrine.cx
> Subject: Re: Squid 2.6 transparent proxy with pf
> 
> On 2006/12/21 15:29, Dominik Zalewski wrote:
> > In this article squid is running on the same machine as OpenBSD firewall. In
> > my case I have squid running on different machine connected to LAN interface.
> > My question is can I redirect traffic on $int_if to another machine connected
> > to the same interface? Is this rule correct?
> 
> No, you can't redirect back out the interface the packet came from.
> Maybe vlans could help, if there are no spare physical interfaces.
> Or you could run a small transparent proxy (e.g. tinyproxy) on the
> firewall and have that use $squid as a parent.
> 

Sure you can, I do it all day long.  You may need to NAT based on your
network.

Have your clients NATed to an address on your firewall and then redirect
it over to your squid box, which will reply to the NATed address on your
firewall which can then unNAT it and send it back to the client.
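
The NAT-plus-redirect arrangement described in the reply above, written out as a pf.conf fragment in the pre-4.7 `nat`/`rdr` syntax current when this thread was posted. This is an added example, not configuration from any poster in the thread; the interface name, the addresses and the Squid port 3128 are assumptions.

```pf
# Assumed values for illustration only; substitute your own.
int_if  = "fxp1"              # LAN-facing interface (hypothetical name)
lan_net = "192.168.1.0/24"    # client network (hypothetical)
squid   = "192.168.1.10"      # Squid box on the same LAN segment (hypothetical)

# Translation rules: the first matching rule wins, so exemptions come first.

# Squid's own outbound fetches must not be redirected back to itself.
no rdr on $int_if proto tcp from $squid to any port 80

# Client HTTP arriving on the LAN interface is redirected to the Squid box.
rdr on $int_if proto tcp from $lan_net to any port 80 -> $squid port 3128

# As the redirected packet leaves again on the same interface, rewrite its
# source to the firewall's LAN address. Squid then replies to the firewall,
# which reverses both translations and returns the answer to the client.
nat on $int_if proto tcp from $lan_net to $squid port 3128 -> ($int_if)

# Filter rules see the translated addresses, so state must be allowed in
# both directions for the reflected connection.
pass in  on $int_if proto tcp from $lan_net to $squid port 3128 keep state
pass out on $int_if proto tcp from ($int_if) to $squid port 3128 keep state
```

Because of the source NAT, Squid's access log and any source-based ACLs see the firewall's LAN address instead of the individual client address.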
