Redirection with a bridge ?
Charles Swiger
cswiger at mac.com
Wed Jun 23 14:20:18 PDT 2004
On Jun 22, 2004, at 9:02 AM, Matt Juszczak wrote:
> What are some of the other approaches (if you don't mind). I can't
> really do a NAT, I'd really like to stay with a bridge and not do any
> routing.
Normally, something like squid listens on a specific port and only
proxies requests which are explicitly sent to it. If you set up Squid
on a dual-homed machine acting as a firewall, you can configure all
clients to use it without them being able to route traffic outside of
the firewall themselves. In that case, squid will talk to the outside
world using the external interface, but talk to the clients using
whatever local subnet IP addresses they have, without using NAT or
anything else.
A more complex approach would be to put the network interface in
promiscuous mode and use a divert socket to forward all normal web
traffic (HTTP, 80/tcp) to the Squid proxy regardless. That has the
advantage of not having to configure the clients to use a proxy,
however. Anyway, I don't think setting this up is easier than using
NAT, but perhaps you might find the concept useful....
--
-Chuck
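
Added example, not part of the original message: a squid.conf fragment for the dual-homed, explicit-proxy layout described in the reply above. The interface addresses and the subnet are constructed placeholders, and the access rules are an assumption about how such a box would normally be restricted.

```conf
# squid.conf fragment (added example; all addresses are constructed placeholders)
# Assumed layout: inside NIC 192.168.10.1 on 192.168.10.0/24,
#                 outside NIC 203.0.113.10.

# Accept proxy requests only on the inside address, so the listener
# is never reachable from the outside network.
http_port 192.168.10.1:3128

# Originate upstream connections from the outside address.
tcp_outgoing_address 203.0.113.10

# Only the local subnet may use the proxy; everything else is refused,
# which keeps the box from acting as an open proxy.
# ("all" is built in on current Squid; older releases define it with an
# acl line in the stock configuration.)
acl localnet src 192.168.10.0/24
http_access allow localnet
http_access deny all

# Host side, outside squid.conf: leave IP forwarding off so clients cannot
# route past the firewall themselves (FreeBSD: sysctl net.inet.ip.forwarding=0).
```

Clients are then pointed at 192.168.10.1:3128 in their proxy settings; no NAT rule is involved on either interface.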
More information about the freebsd-questions mailing list