On 5/12/2011 7:34 p.m., Nguyen Hai Nam wrote:
Hi,


As last time I had a squid box working in interception mode as well:
 traffic was redirected from default gateway to squid box, then IP-filter
 will NAT to intercepting squid. It looks like this:

INTERNET Router
   |
   |
 Switch----Default gateway
   |  \
   |   \
   |    + Squid box
   |
   |
  LAN


But I'm thinking that I don't have access to default gateway router to
modify http traffic to squid, so I do add one more NIC to squid box and
 change topo to this:

INTERNET Router
   |
   |eth1
 Squid
   |eth0
   |
 Switch----Default gateway
   |
   |
   |
  LAN

I've just tried to do so, but the traffic passed through and doesn't come
 to Squid. So the box is like a switch only. What can I do to make sure
 http traffic always comes to squid?

"Like a switch"? Or did you really mean "like a bridge"?

* switch ... no solution. Switches do not perform the NAT operations required for interception. They also don't run software like Squid, so I think this is a bad choice of word in your description.

* bridge ... requires dropping packets out of the bridge into the routing functionality. See the bridge section at http://wiki.squid-cache.org/Features/Tproxy4#ebtables_on_a_Bridging_device

Amos
