Henrik,

Thanks a million --

Charles Shick

On Mon, 2003-07-14 at 14:57, Henrik Nordstrom wrote:
> On Monday 14 July 2003 11.05, [EMAIL PROTECTED] wrote:
>
> > I think that I will try the kernel patch as we are short on
> > addresses and I think that it would better suit our needs.
> > Bizarrely, I couldn't find a URL to download the patch -- can you
> > suggest one?
>
> The TPROXY patch is part of Netfilter Patch-O-Matic last time I
> looked. I think there is a homepage somewhere also.
>
> Note that you also need to patch Squid to use this feature.
>
>
> Note: In the NAT approach you do not need to use real addresses.
> Virtual private addresses work just fine. These addresses are just
> used between Squid and the NAT engine. To reproduce the exact same
> effect as TPROXY you configure Squid like this:
>
> 1. Create a set of virtual private addresses on the Squid server, as
> many as you have clients.
>
> 2. Set up squid.conf tcp_outgoing_address to assign proper private
> address for each client.
>
> 3. Use iptables -t nat -A OUTPUT -j SNAT ... to NAT the private
> addresses back to the clients' real addresses.
>
>
> This approach, just as TPROXY, requires the Squid server to be the
> router/gateway of all your Internet traffic. Using the clients'
> address as source address will never work if the return traffic for
> these addresses is not routed via the same point in the network.
>
> Regards
> Henrik
>
> --
> Donations welcome if you consider my Free Squid support helpful.
> https://www.paypal.com/xclick/business=hno%40squid-cache.org
>
> If you need commercial Squid support or cost effective Squid or
> firewall appliances please refer to MARA Systems AB, Sweden
> http://www.marasystems.com/, [EMAIL PROTECTED]
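
The three NAT steps from the quoted message, written out as an added example (not part of the original e-mail and not Squid project code): a script that prints the alias commands, squid.conf lines and SNAT rules for a constructed client map. The addresses, the `eth0` device and the `clientN` ACL names are assumptions, and the rules are appended to POSTROUTING, the nat chain in which iptables accepts the SNAT target, rather than OUTPUT.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands and squid.conf lines.
# Constructed map: "<client real address> <private alias on the Squid box>".
CLIENT_MAP='192.0.2.10 10.255.0.10
192.0.2.11 10.255.0.11
192.0.2.12 10.255.0.12'
ALIAS_DEV=eth0   # assumption: interface that carries the aliases

# Refuse a map in which any address appears twice: each client needs its
# own alias, otherwise two clients would share one outgoing identity.
check_map() {
    dup=$(printf '%s\n' "$CLIENT_MAP" | tr ' ' '\n' | sort | uniq -d)
    if [ -n "$dup" ]; then
        echo "duplicate address in map: $dup" >&2
        return 1
    fi
}

# Step 1: one private alias per client on the Squid server.
gen_aliases() {
    printf '%s\n' "$CLIENT_MAP" | while read -r client alias; do
        echo "ip addr add $alias/32 dev $ALIAS_DEV"
    done
}

# Step 2: squid.conf picks the alias as source address per client ACL.
gen_squid_conf() {
    n=0
    printf '%s\n' "$CLIENT_MAP" | while read -r client alias; do
        n=$((n + 1))
        echo "acl client$n src $client/32"
        echo "tcp_outgoing_address $alias client$n"
    done
}

# Step 3: NAT each alias back to the client's real address on the way out.
gen_snat() {
    printf '%s\n' "$CLIENT_MAP" | while read -r client alias; do
        echo "iptables -t nat -A POSTROUTING -s $alias -j SNAT --to-source $client"
    done
}

check_map || exit 1
gen_aliases
gen_squid_conf
gen_snat
```

The generated rules only have the intended effect when return traffic for the client addresses is routed back through the Squid server, as the message points out.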
