[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewall-wizards
Subject:    Re: [fw-wiz] PIX Transparent proxy
From:       Devdas Bhagat <devdas () dvb ! homelinux ! org>
Date:       2004-10-28 16:13:01
Message-ID: 20041028213101.A15495 () evita ! devdas ! geek
[Download RAW message or body]

On 27/10/04 10:54 -0500, Fetch, Brandon wrote:
> I'd second Kevin's recommendation/statement.
> 
> Also, could the squid box run in a 'bridged' mode proxying all
> communications from the local LAN to the PIX - ie make it the default

This is not possible in a default setup. However, there is a Linux kernel
patch (see http://www.balabit.com/ for the ctt-proxy patch), and a
corresponding patch for squid which you can use to make this happen.

Links may wrap:

http://www.balabit.com/downloads/tproxy/linux-2/
http://www1.nl.squid-cache.org/mail-archive/squid-dev/200404/att-0032/squid-2.5-cttproxy-04JES.diff


The only thing not mentioned in the docs is that you need to set this
sysctl on the Linux box.

sysctl -w net.ipv4.ip_nonlocal_bind=1

The setup is rather trivial, and pretty well documented in the readmes.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
[prev in list] [next in list] [prev in thread] [next in thread]