>>>>> "Karsten" == Karsten M Self <kmself@ix.netcom.com> writes:
>>>>> "Dave" == Dave Carrigan <dave@rudedog.org> writes:
Dave> Also, if you prefer not to use a transparent cache (I
Dave> sometimes want to bypass squid), then you can install a
Dave> normal squid proxy and set an environment variable:
Dave> http_proxy=3Dhttp://squidbox.dom.ain:3128/
Dave> Apt honors the http_proxy environment variable if it's set.
Karsten> True. But with a transparent proxy on your gateway
Karsten> there's *no* client or node configuration to be done to
Karsten> utilize it -- for any host served by that gateway.
Karsten> Hence: transparent.
I'm not sure, but IIRC a proxy def (either by http_proxy or by
configuring the app) works for *all* http accesses, no matter which
port.
So, to really be transparent, you'd need to redirect all HTTP acesses
to your firewall's cache. Hmmm... can iptables analyze the protocol
the connection is using?
(ipchains sure can't)
Bye, J
PS: I'd like to do that... as I can autoconfig Netscape to go via my
firewall when it's there and go direct when it's not (useful on a very
mobile laptop), but I can't do the same for links etc. (BTW, that's a
tiny Python script being invoked via inetd, no webserver
needed... </brag> ;-)
But the bypassing is important too (I found a server that absolutely
didn't like being contacted by my squid). You could do that with a
special port, that the firewall would redirect to 80... but then you
couldn't get to servers on non-std ports. Oh well...
--
Jürgen A. Erhard (juergen.erhard@gmx.net, jae@users.sf.net)
My WebHome: http://members.tripod.com/Juergen_Erhard
Stop the execution of Mumia Abu-Jamal! (http://www.freemumia.org)
DMCA -- A.K.A The Gag Rule
Attachment:
pgpFItvtVw0ds.pgp
Description: PGP signature