[MASOCH-L] Squid em 64 bits
bruno at openline.com.br
bruno at openline.com.br
Fri Nov 28 22:07:20 -03 2008
Ola
--- Jeronimo Zucco <JCZucco at ucs.br> escreveu:
> Fiquei curioso, pois não conhecia o tproxy. Alguém pode me dizer
> porque usar ele e não simplesmente um redrect com iptables e a
> configuração simples do squid como proxy transparente ?
Se você usar o redirect do iptables com a configuracão simples
do squid como proxy transparente, as requisicões para os sites
da Internet saem com o IP do proxy
Se usar o tproxy e o squid modificado, as requisicões saem com
o IP do cliente.
> Olhei no README do tproxy sobre isso, e só que li foi:
>
> We have a 'REDIRECT' target, isn't that enough?
> ----------------------------------------------
>
> Real transparent proxying requires the following three features from
> the IP stack of the computer it is running on:
> 1. Redirect sessions destined to the outer network to a local process
> using a packet filter rule.
> 2. Make it possible for a process to listen to connections on a
> foreign address.
> 3. Make it possible for a process to initiate a connection with a
> foreign address as a source.
>
> Item #1 is usually provided by packet filtering packages like
> Netfilter/IPTables, IPFilter. (yes, this is the REDIRECT target)
>
> All three were provided in Linux kernels 2.2.x, but support for this
> was removed.
>
> Portanto, está falando do kernel 2.2 !
Tinha no kernel 2.2, foi removido, e o patch do tproxy devolve
[]s, !3runo Cabral
More information about the masoch-l
mailing list