I need to also have ip_chains in my kernel to route the traffic from my internal net to the outside world or would simple entries to the routing table work?
I only have 1-2 addresses that I want to transparently proxy -- I have a network device that wants to speak to some http servers but doesn't know about http
proxies.
Am looking for a least effort approach that will allow the device to contact
it's server, but I don't want to open access to any other http servers.
As a minor addition, I want to limit access to this proxy only from this network device (at a fixed address assigned by my internal DHCP server). I know that
should be trival using ACL's, but it would be "cool" if I could use my existing
running copy of squid3beta to serve it's current function of an 8080-based http proxy as well as providing the transparent service to the dumb network device.
It doesn't appear to be entirely straight forward since if I config my internal
ethernet interface to respond as the external host, I'm not sure that plain
'route' commands would be able to handle the task of forwarding the traffic.
Haven't gotten into ipchains configuration yet, and wanted to avoid adding that
complexity if it is not necessary as complexity is the enemy of reliability and security as a "general" rule...:-)
TIA for suggestions/answers...
I haven't found much in the documentation about transparent proxying...
(oh for a manpage .....:-))
-linda
