Hi,

I've been using Squid + TPROXY in transparent sslbump mode for quite a
while now, but I'd like to use an explicit proxy with user
authentication instead.

I have Squid on my first Shorewall firewall, and then I have another
Shorewall gateway where all the HTTP requests go through, with
multiple providers / ISPs.

In transparent tproxy mode, the HTTP requests on the Shorewall gateway
are seen as coming from the users' client hosts (SRC IP addresses are
the ones of the hosts where the web browsers are actually running).
That allows me to mark traffic, and use different providers according
to source IP address ranges or other criteria.

In the explicit setup, the Shorewall gateway only sees one IP address
as HTTP source -- the one on the "first" Squid/Shorewall firewall. I
presume that in this case there is NO WAY I can set up the Shorewall
gateway to mangle traffic one way or the other depending on the "real"
src IP address, right?

Vieri


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
