Tue 2003-02-25 at 16:12, Fabien Salvi wrote:

> I suppose the response to the client *must* use the real destination
> server IP for IP source address to not be dropped by it ?
>
> So, I suppose I must use NAT in iptables to do this ?
> Is this possible ?

Yes.

> In squid, I thought there was a mechanism to change the IP source address
> of the reply.
> Is this the reality ?

This is done automatically by the TCP/IP kernel when you configure the
host to redirect port 80 to Squid (via NAT). Without it the TCP would
not at all operate in transparent interception mode, and Squid is an
application on top of TCP.

The same TCP/IP redirect methods can be used to redirect the traffic to
ANY TCP/IP application on the host, or even on a remote server if you
prefer. It is just a variant of NAT.

The only specific support required in the application is if the
application is interested in knowing the originally intended destination
(which is not the case in your case).

-- 
Henrik Nordstrom <[EMAIL PROTECTED]>
MARA Systems AB, Sweden
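
The application-side support mentioned in the reply above, shown as an added example (not part of the original message and not Squid's code): on Linux, a process behind an iptables REDIRECT rule can ask netfilter for the pre-NAT destination with the `SO_ORIGINAL_DST` socket option. The interface name, port 3128, the sample address and all function names are assumptions made for the illustration.

```python
import socket
import struct

# Assumed NAT rule on the intercepting host (eth0 and Squid's default port
# 3128 are assumptions, not values from the message):
#   iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
#            -j REDIRECT --to-ports 3128

SO_ORIGINAL_DST = 80   # <linux/netfilter_ipv4.h>; not exported by Python
SOL_IP = getattr(socket, "SOL_IP", 0)
SOCKADDR_IN_LEN = 16   # sizeof(struct sockaddr_in)

# Constructed sample of what getsockopt() returns for a connection the
# client originally addressed to 192.0.2.10:80 (documentation address).
SAMPLE_SOCKADDR = (struct.pack("=H", socket.AF_INET) + struct.pack("!H", 80)
                   + socket.inet_aton("192.0.2.10") + b"\x00" * 8)


def parse_sockaddr_in(raw):
    """Decode a struct sockaddr_in into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("truncated sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)   # host byte order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)     # network byte order
    return socket.inet_ntoa(raw[4:8]), port


def original_destination(conn):
    """Return the pre-NAT (ip, port) of an accepted socket, or None when
    connection tracking has no entry for it (ENOENT / ENOPROTOOPT)."""
    try:
        raw = conn.getsockopt(SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    except OSError:
        return None
    return parse_sockaddr_in(raw)


def was_intercepted(conn):
    """True if the client aimed at an address other than our local one."""
    orig = original_destination(conn)
    return orig is not None and orig != conn.getsockname()[:2]


if __name__ == "__main__":
    print(parse_sockaddr_in(SAMPLE_SOCKADDR))
```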
