Date:      Wed, 23 Jun 2004 17:12:27 -0400
From:      Charles Swiger <cswiger@mac.com>
To:        Matt Juszczak <matt@atopia.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Redirection with a bridge ?
Message-ID:  <07A045ED-C55A-11D8-86C5-003065ABFD92@mac.com>
In-Reply-To: <40D82E03.1000306@atopia.net>
References:  <40D3752A.8000809@atopia.net> <40D46636.1020909@mac.com> <3514.134.210.7.179.1087850914.squirrel@134.210.7.179> <2E739980-C3C6-11D8-BF1C-003065ABFD92@mac.com> <40D74EBA.2010402@atopia.net> <8389EA60-C3CB-11D8-BF1C-003065ABFD92@mac.com> <40D82E03.1000306@atopia.net>

On Jun 22, 2004, at 9:02 AM, Matt Juszczak wrote:
> What are some of the other approaches (if you don't mind).  I can't
> really do a NAT, I'd really like to stay with a bridge and not do any 
> routing.

Normally, something like squid listens on a specific port and only 
proxies requests which are explicitly sent to it.  If you set up Squid 
on a dual-homed machine acting as a firewall, you can configure all 
clients to use it without them being able to route traffic outside of 
the firewall themselves.  In that case, squid will talk to the outside 
world using the external interface, but talk to the clients using 
whatever local subnet IP addresses they have, without using NAT or 
anything else.

A more complex approach would be to put the network interface in
promiscuous mode and use a divert socket to forward all normal web 
traffic (HTTP, 80/tcp) to the Squid proxy regardless.  That has the 
advantage of not having to configure the clients to use a proxy, 
however.  Anyway, I don't think setting this up is easier than using
NAT, but perhaps you might find the concept useful....

-- 
-Chuck
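
The first approach in the message above (Squid on a dual-homed, non-routing firewall) could be configured roughly as follows. This is an added example, not part of the original e-mail; the addresses (10.0.0.0/24 internal, 192.0.2.10 external) and the ACL name `localnet` are assumptions chosen for illustration.

```conf
# squid.conf (added example; all addresses are constructed placeholders)
# Internal NIC: 10.0.0.1 on 10.0.0.0/24; external NIC: 192.0.2.10.
# The host does not forward packets (FreeBSD default, gateway_enable="NO"
# in /etc/rc.conf), so the proxy is the clients' only path to the outside.

# Accept proxy requests only on the internal interface, never the external one.
http_port 10.0.0.1:3128

# Originate upstream connections from the external interface address.
tcp_outgoing_address 192.0.2.10

# Limit what the proxy will fetch, so it cannot be used to reach
# arbitrary ports or to tunnel to anything other than HTTPS.
acl SSL_ports port 443
acl Safe_ports port 80 21 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Only the local subnet may use the proxy; everything else is refused.
acl localnet src 10.0.0.0/24
http_access allow localnet
http_access deny all
```

Clients are then pointed at 10.0.0.1:3128 as their HTTP proxy; with forwarding disabled on the firewall, a client that bypasses the proxy setting has no route out.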


