For various reasons I need to run squid transparently proxying but not on the firewall.
eg: firewall(normal gateway) - 192.168.0.1 squid box - 192.168.0.2 2k clients - 192.168.0.x (gateway set to .2) To do this I have set the squid box as default route on the clients and configured squid 2.5 to work transparently. The squid box's default route is the firewall. Yes I know this is a bit odd but does have advantages such as when the firewall is an appliance that can't have squid installed. The problem is that the clients automagically reroute bypassing the squid box and go directly to the firewall. Thus not being transparently proxied. This problem has only started happening since I upgraded the squid box from a RH6.2 to a RH8. I thought it might be icmp redirects so have switched it off in /proc/sys/net/ipv4/conf/*/send_redirects but this made no difference. I put back the old and dieing RH62 box just to be sure I was not going mad and sure enough the clients did not bypass the squid box and transparent worked perfectly. Anyone any ideas? My guess is its something to do with new features in the 2.4 Linux kernel. But that's as far as I've got. -- Daniel Barron (Visit http://dansguardian.org/ - True web content filtering for all)
