Re: [squid-users] SOLUTION: iptables and transparent proxy squid

From: Ariel Molina Rueda <ariel@dont-contact.us>
Date: Thu, 15 Apr 2004 15:31:19 -0500

Thanks for your help all you guys who did help me, and everyone else for your
patience.

To create a transparent proxy that does web caching, capturing packets from a
bridge device, with squid (and the bridge) on the same machine,
my solution was:

- Upgrade to kernel 2.6.5
- Get ebtables http://ebtables.sourceforge.net/
- Use the following lines

 // Create the bridge (the bridge device must exist before interfaces are added to it)

# brctl addbr br0

# ifconfig eth0 0.0.0.0 promisc up
# ifconfig eth1 0.0.0.0 promisc up

# brctl addif br0 eth0
# brctl addif br0 eth1

# ifconfig br0 200.1.2.3 netmask 255.255.255.0 up
# route add default gw 200.1.2.254 dev br0

// This line tells ebtables to route (accept) the packets
// going to port 80, instead of bridging them:

# ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT

// Tell iptables to redirect the packets going to 80 to its own port 3128
# iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128

Works like a charm!!! :D

And if the squid/bridge machine crashes or dies I can easily unplug the cable and
plug it into the router.

NOTE: I learned that if, after setting up the bridge, your machine locks up or
begins behaving nastily, it is a network driver problem: one (or both) of the
interfaces can't go into promiscuous mode. Get a better card, as I did.

I've put up a page explaining how to do it (in Spanish):

http://fismat.umich.mx/~ariel/?ariel=bridged-squid

Message quoted from Denis Vlasenko <vda@port.imtp.ilyichevsk.odessa.ua>:

> On Wednesday 14 April 2004 20:38, Ariel Molina Rueda wrote:
> > Quoting Denis Vlasenko <vda@port.imtp.ilyichevsk.odessa.ua>:
> > > On Tuesday 13 April 2004 23:23, Ariel Molina Rueda wrote:
> > > > Hello,
> > > >
> > > > I have a network and I'm trying to do transparent web-cache with Squid,
> > > > but my network is too complex and I prefer not to edit settings so I
> > > > think a bridge is adequate. My network is
> > > >
> > > > ((internet))
> > > >
> > > > +------+
> > > >
> > > > |router|
> > > >
> > > > +------+
> > > >
> > > > * <--- Squid here
> > > >
> > > > +--------+
> > > >
> > > > | switch |
> > > >
> > > > +--------+
> > > >
> > > > | | | \
> > > > | | | \
> > > >
> > > > (clients) (wireless clients)
> > >
> > > I'd put squid _on_ the router box, add transparent redirect
> > > and compile squid with Linux transparent redirect support.
> > >
> > > No need to mess with bridging.
> > >
> > > Works for me.
> >
> > Would be great, but it is a Cisco router, I can't install squid on it. Also
> > I cannot route www traffic directly to the squid box, I need it to be a
> > ghost machine, so if it fails I can unplug the cable and plug it into the
> > router.
>
> But you can get rid of cisco altogether ;)
>
> What cisco does for you that Linux won't,
> except for more pricey hardware?
> --
> vda
>

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Received on Thu Apr 15 2004 - 14:31:42 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Apr 30 2004 - 12:00:02 MDT
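The bridge, ebtables and iptables steps from Ariel's message, collected into one script as an added example (editor's code, not from the original post or from the squid or ebtables projects). It assumes the same names and addresses as the message (eth0/eth1 bridged as br0, bridge address 200.1.2.3/24, gateway 200.1.2.254, squid listening on 3128); all of them are overridable through environment variables. It defaults to a dry run that only prints the commands, and adds the status check a practitioner would want after applying the rules: the ebtables and iptables rule listings, whose packet counters show whether port-80 traffic is actually being pulled off the bridge and redirected.

```shell
#!/bin/sh
# Added example: bridge + transparent-redirect setup from the mailing-list post,
# with a dry-run mode and a post-setup status check. Assumed (not from the post):
# the variable names below and the RUN_MAIN/DRY_RUN switches.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).

DRY_RUN="${DRY_RUN:-1}"
BRIDGE="${BRIDGE:-br0}"
IF_A="${IF_A:-eth0}"
IF_B="${IF_B:-eth1}"
BRIDGE_ADDR="${BRIDGE_ADDR:-200.1.2.3}"
BRIDGE_MASK="${BRIDGE_MASK:-255.255.255.0}"
GATEWAY="${GATEWAY:-200.1.2.254}"
SQUID_PORT="${SQUID_PORT:-3128}"

# run: print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# ebtables broute rule: TCP to the given port leaves the bridging path and is
# handed to the local IP stack (so iptables/squid see it) instead of being bridged.
ebtables_redirect_rule() {
    port="$1"
    printf '%s' "ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port $port -j redirect --redirect-target ACCEPT"
}

# iptables nat rule: TCP to dport arriving on the bridge is redirected to squid's port.
iptables_redirect_rule() {
    iface="$1"; dport="$2"; to_port="$3"
    printf '%s' "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $dport -j REDIRECT --to-port $to_port"
}

setup_bridge() {
    run brctl addbr "$BRIDGE"                      # bridge must exist before addif
    run ifconfig "$IF_A" 0.0.0.0 promisc up        # no address on member ports
    run ifconfig "$IF_B" 0.0.0.0 promisc up
    run brctl addif "$BRIDGE" "$IF_A"
    run brctl addif "$BRIDGE" "$IF_B"
    run ifconfig "$BRIDGE" "$BRIDGE_ADDR" netmask "$BRIDGE_MASK" up
    run route add default gw "$GATEWAY" dev "$BRIDGE"
}

setup_redirect() {
    # Word-splitting the rule strings into arguments is intended here.
    run $(ebtables_redirect_rule 80)
    run $(iptables_redirect_rule "$BRIDGE" 80 "$SQUID_PORT")
}

# Status check: after some client web traffic, the pkts/bytes counters on the
# REDIRECT rule must be increasing, and something must be listening on $SQUID_PORT
# (squid configured for transparent interception), or the redirect silently drops.
show_status() {
    run ebtables -t broute -L
    run iptables -t nat -L PREROUTING -v -n
    run netstat -ltn
}

main() {
    setup_bridge
    setup_redirect
    show_status
}

# Run the whole procedure unless RUN_MAIN=0 (e.g. when sourcing for tests).
if [ "${RUN_MAIN:-1}" = "1" ]; then
    main
fi
```

Run it as-is to review the exact commands it would issue, then `DRY_RUN=0 ./bridge-squid.sh` as root to apply them; `DRY_RUN=0 RUN_MAIN=0 . ./bridge-squid.sh; show_status` re-runs only the check later.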