also sprach Arnt Karlsen <arnt@xxxxxxx> [2005.03.24.2014 +0100]:
> ..having re-read this thread all the way from your Message-ID:
> <20050323100605.GA24210@xxxxxxxxxxxxxxxxxx>, I _lost_ you.
>
> ..is this some kinda paid "research" you're doing for Microsoft???
Yeah, sure. I am a secret M$ agent trying to improve MS Proxy Server
1.0 for the scheduled release in 2006^W9.
I am not sure what problems you are having understanding the
challenge at hand.
also sprach David Mandelberg <mandelbergd@xxxxxxxxxxxxxxxxxx> [2005.03.25.1730
+0100]:
> > This works. Problem is that the packets arriving at 3128 have the
> > dynamic external IP as source, when they should have 127.0.0.1.
> Is there a problem with that?
Yes. As stated multiple times: it breaks squid access control.
> When a program under linux tries to contact an address that's used
> by one of the machine's interfaces, the traffic is sent localy and
> never goes to that interface.
... fwiw, any TCP/IP stack does this.
> Using SNAT would probably break the http client because it would
> send using the world ip and therefore wouldn't be listening on
> 127.0.0.1 for the reply from squid.
What?
Maybe we should just forget the details and someone can give me
a clear answer to: is it possible to rewrite both, source and
destination socket in locally generated, outgoing packets, *before*
a routing decision is made?
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <madduck@xxxxxxxxxx>
: :' : proud Debian developer, admin, user, and author
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
<!--#include file="~/.signature"-->
signature.asc
Description: Digital signature
|
