On Monday 14 July 2003 11.05, [EMAIL PROTECTED] wrote:

> I think that I will try the kernel patch as we are short on
> addresses and I think that it would better suit our needs.
> Bizarrely, I couldn't find a URL to download the patch -- can you
> suggest one?

The TPROXY patch is part of Netfilter Patch-O-Matic last time I looked. I think there is a homepage somewhere also. Note that you also need to patch Squid to use this feature.

Note: In the NAT approach you do not need to use real addresses. Virtual private addresses work just fine. These addresses are just used between Squid and the NAT engine.

To reproduce the exact same effect as TPROXY you configure Squid like this:

1. Create a set of virtual private addresses on the Squid server, as many as you have clients.

2. Set up squid.conf tcp_outgoing_address to assign the proper private address for each client.

3. Use iptables -t nat -A OUTPUT -j SNAT ... to NAT the private addresses back to the clients' real addresses.

This approach, just as TPROXY, requires the Squid server to be the router/gateway of all your Internet traffic. Using the client's address as source address will never work if the return traffic for these addresses is not routed via the same point in the network.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
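
The three steps of the NAT approach described above, as an added example that is not part of the original message: a script that prints the address aliases, squid.conf lines and SNAT rules for a list of clients without applying anything. The 10.99.0.0/24 range, the lo interface, the ACL names and the 192.0.2.x client addresses are assumptions made for illustration, and the SNAT rules are placed in POSTROUTING, the chain where iptables accepts the SNAT target for outgoing traffic.

```shell
#!/bin/sh
# Added example: generate the three pieces of the NAT approach for a client list.
# Nothing is applied; the functions only print text to review and install by hand.
# Assumptions (not from the message): 10.99.0.0/24 as the virtual private range,
# aliases on lo, and constructed client addresses from 192.0.2.0/24.

PRIV_PREFIX="10.99.0"   # assumed private range, only seen between Squid and NAT
ALIAS_DEV="lo"          # assumed interface that holds the virtual addresses

# Constructed sample input: one real client address per line.
CLIENTS="192.0.2.10
192.0.2.11
192.0.2.12"

# Print "<client> <private>" pairs, numbering private addresses from .1
map_clients() {
    n=0
    for client in $CLIENTS; do
        n=$((n + 1))
        [ "$n" -le 254 ] || { echo "too many clients for a /24" >&2; return 1; }
        echo "$client $PRIV_PREFIX.$n"
    done
}

# Step 1: one virtual private address per client on the Squid server.
gen_addresses() {
    map_clients | while read -r client priv; do
        echo "ip addr add $priv/32 dev $ALIAS_DEV"
    done
}

# Step 2: squid.conf lines choosing the outgoing address by client source.
gen_squid_conf() {
    map_clients | while read -r client priv; do
        name="client_$(echo "$client" | tr . _)"
        echo "acl $name src $client"
        echo "tcp_outgoing_address $priv $name"
    done
}

# Step 3: SNAT each private address back to the client's real address.
gen_snat_rules() {
    map_clients | while read -r client priv; do
        echo "iptables -t nat -A POSTROUTING -s $priv -j SNAT --to-source $client"
    done
}

gen_addresses; gen_squid_conf; gen_snat_rules
```

With this in place the origin servers see each client's own address rather than the proxy's, so any address-based access control or logging upstream depends on the ACL-to-address mapping in squid.conf being correct.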
