You could actually use iptables (if you have kernel 2.4 versions) which is very robust than ipchains. You could start looking at www.linuxhelp.net/guides there are some basic and advanced config for iptables and ipchains including rerouting clients from one port to your desired port.
----- Original Message ----- From: "Linda W." <[EMAIL PROTECTED]> To: "Squid Users" <[EMAIL PROTECTED]> Sent: Thursday, July 01, 2004 6:35 AM Subject: [squid-users] transparent proxy setup & limiting target hosts > I've never setup a squid proxy in transparent mode. Am I correct in > assuming > I need to also have ip_chains in my kernel to route the traffic from my > internal net to the outside world or would simple entries to the routing > table work? > > I only have 1-2 addresses that I want to transparently proxy -- I have a > network device that wants to speak to some http servers but doesn't know > about http > proxies. > > Am looking for a least effort approach that will allow the device to contact > it's server, but I don't want to open access to any other http servers. > > As a minor addition, I want to limit access to this proxy only from this > network device (at a fixed address assigned by my internal DHCP > server). I know that > should be trival using ACL's, but it would be "cool" if I could use my > existing > running copy of squid3beta to serve it's current function of an > 8080-based http proxy as well as providing the transparent service to > the dumb network device. > > It doesn't appear to be entirely straight forward since if I config my > internal > ethernet interface to respond as the external host, I'm not sure that plain > 'route' commands would be able to handle the task of forwarding the traffic. > > Haven't gotten into ipchains configuration yet, and wanted to avoid > adding that > complexity if it is not necessary as complexity is the enemy of > reliability and security as a "general" rule...:-) > > TIA for suggestions/answers... > > I haven't found much in the documentation about transparent proxying... > > (oh for a manpage .....:-)) > > -linda > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner which is > installed at www.sscrmnl.edu.ph and believed to be clean. > Report abuse from this domain at [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner which is installed at www.sscrmnl.edu.ph and believed to be clean. Report abuse from this domain at [EMAIL PROTECTED]
