Redirection with a bridge ?

Charles Swiger cswiger at mac.com
Wed Jun 23 14:20:18 PDT 2004


On Jun 22, 2004, at 9:02 AM, Matt Juszczak wrote:
> What are some of the other approaches (if you don't mind).  I can't 
> really do a NAT, I'd really like to stay with a bridge and not do any 
> routing.

Normally, something like squid listens on a specific port and only 
proxies requests which are explicitly sent to it.  If you set up Squid 
on a dual-homed machine acting as a firewall, you can configure all 
clients to use it without them being able to route traffic outside of 
the firewall themselves.  In that case, squid will talk to the outside 
world using the external interface, but talk to the clients using 
whatever local subnet IP addresses they have, without using NAT or 
anything else.

A more complex approach would be to put the network interface in 
promiscuous mode and use a divert socket to forward all normal web 
traffic (HTTP, 80/tcp) to the Squid proxy regardless.  That has the 
advantage of not having to configure the clients to use a proxy, 
however.  Anyway, I don't think setting this up is easier than using 
NAT, but perhaps you might find the concept useful....

-- 
-Chuck



More information about the freebsd-questions mailing list