Last one on the Transparent Proxy stuph for me.....

I got the files from Ryan and basically what they do is almost completely but not entirely (un)like what I did in the config. ;-) The settings just work fine, you can actually do an outbound nat on the LAN interface to your proxy server. No problem at all....

But here comes the thing I feel COMPLETELY stupid about not seeing sooner, like in the first two seconds I looked at it. When putting the Proxy in your LAN network, where your clients are, you effectively rule out that entire subnet from using the proxy. Hence how:

1. The client "connects" to the web-page you want to see.
2. The firewall (m0n0) will translate the dest. IP to the proxy IP.
3. Your proxy IP will then want to return a packet, stating that it's OK to connect to it. Here comes the trick.
4. Your client does think that packet has to come from your DESTINATION. Not the proxy.
5. And since your proxy is inside the subnet your client is in, the returning packet does NOT go through the m0n0wall and does NOT get natted back to its original IP.
6. Your client sees this packet, originating from another IP, and discards it.
7. No Transparent proxy for you in the same subnet sir....

Again, I feel a real NITWIT not seeing this sooner. Or did anyone ever post this before? Then I will crawl back to kindergarten....

(This e-mail does not reflect my current state of mind, I CAN actually laugh about it. Don't worry).

--
Jeroen Visser.
--
Sure, we know Unix, we've seen it in Jurassic Park...
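
The reply path from steps 1 to 7, modelled as an added example that is not part of the original e-mail and is not m0n0wall code. The addresses, the ports (including 3128 for the proxy) and the names `Firewall`, `on_lan` and `client_accepts` are constructed for illustration.

```python
# Added illustration: destination NAT at the firewall and the reply path.
# All addresses and ports are constructed sample values.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    """Redirects web traffic to the proxy and remembers how to undo it."""
    def __init__(self, proxy_ip, proxy_port):
        self.proxy = (proxy_ip, proxy_port)
        self.state = {}  # (client ip, client port) -> original (dst ip, dst port)

    def forward(self, pkt):
        # Step 2: rewrite the destination to the proxy, record the original.
        self.state[(pkt.src, pkt.sport)] = (pkt.dst, pkt.dport)
        return Packet(pkt.src, pkt.sport, *self.proxy)

    def reverse(self, reply):
        # Only runs when the reply is actually routed through the firewall.
        orig = self.state.get((reply.dst, reply.dport))
        return Packet(*orig, reply.dst, reply.dport) if orig else reply

def on_lan(ip, lan):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(lan)

def client_accepts(client_ip, proxy_ip, lan="192.168.1.0/24"):
    """True if the client sees a reply from the address it connected to."""
    fw = Firewall(proxy_ip, 3128)
    syn = Packet(client_ip, 40000, "203.0.113.10", 80)        # step 1
    at_proxy = fw.forward(syn)                                 # step 2
    reply = Packet(at_proxy.dst, at_proxy.dport, at_proxy.src, at_proxy.sport)  # step 3
    if not on_lan(proxy_ip, lan):
        reply = fw.reverse(reply)   # other subnet: reply crosses the firewall
    # Steps 4-6: the client matches the reply against the connection it opened.
    return (reply.src, reply.sport) == (syn.dst, syn.dport)

if __name__ == "__main__":
    print("proxy on client LAN:  ", client_accepts("192.168.1.50", "192.168.1.10"))
    print("proxy on other subnet:", client_accepts("192.168.1.50", "192.168.2.10"))
```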