Firewall Wizards mailing list archives

Re: PIX Transparent proxy

From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Thu, 28 Oct 2004 21:31:01 +0530

On 27/10/04 10:54 -0500, Fetch, Brandon wrote:

I'd second Kevin's recommendation/statement.

Also, could the squid box run in a 'bridged' mode proxying all
communications from the local LAN to the PIX - ie make it the default


This is not possible in a default setup. However, there is a Linux kernel
patch (see http://www.balabit.com/ for the ctt-proxy patch), and a
corresponding patch for squid which you can use to make this happen.

Links may wrap:

http://www.balabit.com/downloads/tproxy/linux-2/
http://www1.nl.squid-cache.org/mail-archive/squid-dev/200404/att-0032/squid-2.5-cttproxy-04JES.diff


The only thing not mentioned in the docs is that you need to set this
sysctl on the Linux box.

sysctl -w net.ipv4.ip_nonlocal_bind=1

The setup is rather trivial, and pretty well documented in the readmes.

Devdas Bhagat
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

PIX Transparent proxy Juan Pablo Feria (Oct 22)
- Re: PIX Transparent proxy Kevin (Oct 25)
- <Possible follow-ups>
- RE: PIX Transparent proxy Fetch, Brandon (Oct 28)
  - Re: PIX Transparent proxy Devdas Bhagat (Oct 28)