On Monday 01 September 2003 06.18, cc wrote:

> But how do I restrict Src ips? As it
> stands, all the port 80 packets that
> are sent to the 'net from the clients
> are DNATd to the Squid box and SNAT
> from the routing-box.

Don't NAT, just route the packets via a different route (policy routing). If there are other routers in between the interception point and the Squid box then use a GRE tunnel, if not direct routing.

For reliable session routing in iptables you can use the CONNMARK module. See iptables patch-o-matic extras.

Regards
Henrik

--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
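
The direct-routing case from the reply above, as an added example that is not part of the original message: the router marks new port 80 connections from the client network, keeps the mark per connection with CONNMARK, and routes marked packets to the Squid box with no DNAT/SNAT, so Squid still sees the real client address and can apply `src` ACLs. All addresses, interface names, the mark, the table number and port 3128 are assumptions constructed for illustration, and it assumes the Squid box sits on its own router interface.

```shell
#!/bin/sh
# Added example: policy routing of web traffic to a Squid box without NAT.
# Every value below is a constructed placeholder; adjust to the real network.
CLIENT_NET=192.168.0.0/24   # clients allowed to be intercepted (assumed)
LAN_IF=eth0                 # router interface facing the clients (assumed)
SQUID_IF=eth1               # router interface facing the Squid box (assumed)
SQUID_IP=192.0.2.10         # Squid box, directly reachable via SQUID_IF (assumed)
SQUID_PORT=3128             # port Squid listens on for intercepted traffic (assumed)
MARK=1                      # firewall mark used for intercepted sessions
TABLE=100                   # routing table holding the route to Squid

# Commands for the routing box. Printed, not executed, so they can be reviewed.
router_rules() {
cat <<EOF
iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i $LAN_IF -s $CLIENT_NET -p tcp --dport 80 -m conntrack --ctstate NEW -m mark --mark 0 -j MARK --set-mark $MARK
iptables -t mangle -A PREROUTING -i $LAN_IF -m mark --mark $MARK -j CONNMARK --save-mark
ip rule add fwmark $MARK table $TABLE
ip route add default via $SQUID_IP dev $SQUID_IF table $TABLE
EOF
}

# Command for the Squid box: hand the routed packets to the local proxy port.
# The redirect happens on the Squid box itself, so the client source address
# is still intact when Squid evaluates its ACLs.
squid_rules() {
cat <<EOF
iptables -t nat -A PREROUTING -s $CLIENT_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}

# Dry run by default; "--apply-router" or "--apply-squid" executes as root.
case "${1:-}" in
  --apply-router) router_rules | sh -e ;;
  --apply-squid)  squid_rules  | sh -e ;;
esac
```

Because every marking rule is bound to the client-facing interface, Squid's own outbound requests and its replies to clients arrive on the other interface and are never marked, which avoids a routing loop.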
