Re: [squid-users] http_port tproxy option

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 27 Apr 2007 15:06:15 +0200

On Fri 2007-04-27 at 13:18 +0300, robert@e-adnet.ro wrote:
> I need it for sure. And why shouldn't my network support it?

Does your network route return traffic from the internet with a
destination IP of one of the clients via the proxy which forwarded the
traffic out to the internet?

transparent == Transparent interception of port 80 traffic without
browser configuration. Works on most OSes supporting transparent
interception (Linux 2.x, FreeBSD, OpenBSD, Solaris, etc.). Usually
done with asymmetric routing where outgoing port 80 traffic is
redirected to the proxy.

tproxy == Forwarding of requests using the original client's IP as source
address. Requires a TPROXY patched Linux kernel. Requires fully
symmetric routing of port 80 traffic in both directions.

The only reasonably deployable tproxy network configurations I know of
are

a) A single proxy which also acts as the sole Internet gateway for all
Internet traffic.

b) Dual WCCP2 setup with two WCCP2 services, one for outgoing requests
and another mirrored WCCP2 service for return traffic.

It's also kind of possible with carefully crafted route maps, but
doesn't scale well with more than one proxy.

Regards
Henrik

Received on Fri Apr 27 2007 - 07:06:21 MDT
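
The routing requirement described in the message above, as an added example that is not part of the original e-mail: a small model that traces the route taken by the origin server's reply and checks whether it passes the proxy in each mode. The addresses, node names and both topologies are constructed for illustration.

```python
import ipaddress

CLIENT_IP, PROXY_IP = "198.51.100.5", "192.0.2.10"  # constructed addresses

# Constructed topologies: node -> [(prefix, next hop)]; "local" = delivered here.
SOLE_GATEWAY = {   # case (a): the proxy is the only Internet gateway
    "upstream": [("198.51.100.0/24", "proxy"), ("192.0.2.10/32", "proxy")],
    "proxy":    [("192.0.2.10/32", "local"), ("198.51.100.0/24", "lan")],
    "lan":      [("198.51.100.0/24", "local")],
}
ASYMMETRIC = {     # only outgoing port 80 is redirected; replies bypass the proxy
    "upstream": [("198.51.100.0/24", "lan"), ("192.0.2.10/32", "proxy")],
    "proxy":    [("192.0.2.10/32", "local"), ("198.51.100.0/24", "lan")],
    "lan":      [("198.51.100.0/24", "local")],
}

def next_hop(routes, dst):
    """Longest-prefix match over a node's route list."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def reply_path(topology, dst, start="upstream", limit=8):
    """Nodes a packet addressed to dst is routed through, starting at start."""
    path, node = [start], start
    for _ in range(limit):
        hop = next_hop(topology[node], dst)
        if hop in (None, "local"):
            break
        path.append(hop)
        node = hop
    return path

def check(topology, mode):
    """Does the server's reply reach the proxy, which holds the upstream socket?"""
    if mode not in ("transparent", "tproxy"):
        raise ValueError(mode)
    # transparent: proxy connects out from its own IP; tproxy: from the client's IP
    source = PROXY_IP if mode == "transparent" else CLIENT_IP
    path = reply_path(topology, source)
    return {"server_sees": source, "reply_path": path, "works": "proxy" in path}

if __name__ == "__main__":
    for name, topo in (("sole gateway", SOLE_GATEWAY), ("asymmetric", ASYMMETRIC)):
        for mode in ("transparent", "tproxy"):
            print(name, mode, check(topo, mode))
```

In the asymmetric topology the reply to a tproxy connection is routed straight to the client LAN, where no host holds the proxy's upstream connection, so only the transparent mode works there.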
