also sprach Arnt Karlsen <arnt@c2i.net> [2005.03.24.2014 +0100]: > ..having re-read this thread all the way from your Message-ID: > <[🔎] 20050323100605.GA24210@cirrus.madduck.net>, I _lost_ you. > > ..is this some kinda paid "research" you're doing for Microsoft??? Yeah, sure. I am a secret M$ agent trying to improve MS Proxy Server 1.0 for the scheduled release in 2006^W9. I am not sure what problems you are having understanding the challenge at hand. also sprach David Mandelberg <mandelbergd@eth0.is-a-geek.org> [2005.03.25.1730 +0100]: > > This works. Problem is that the packets arriving at 3128 have the > > dynamic external IP as source, when they should have 127.0.0.1. > Is there a problem with that? Yes. As stated multiple times: it breaks squid access control. > When a program under linux tries to contact an address that's used > by one of the machine's interfaces, the traffic is sent localy and > never goes to that interface. ... fwiw, any TCP/IP stack does this. > Using SNAT would probably break the http client because it would > send using the world ip and therefore wouldn't be listening on > 127.0.0.1 for the reply from squid. What? Maybe we should just forget the details and someone can give me a clear answer to: is it possible to rewrite both, source and destination socket in locally generated, outgoing packets, *before* a routing decision is made? -- Please do not send copies of list mail to me; I read the list! .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, admin, user, and author `. `'` `- Debian - when you have better things to do than fixing a system Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver! <!--#include file="~/.signature"-->
Attachment:
signature.asc
Description: Digital signature