- 论坛徽章:
- 0
|
谢谢lasama iamshiyu ssffzz1 iamshiyu wysilly platinum的回答。
下面是Transparent Proxy with Linux and Squid mini-HOWTO中的原话:
http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#s7
7. Transparent Proxy With Bridging
Warning, this is really esoteric stuff. If you need it, you'll know. If not, skip this section. Thanks to Lewis Shobbrook (lshobbrook@fasttrack.net.au) for contributing to this section.
If you are trying to setup a transparent proxy on a Linux machine that has been configured as a bridge, you will need to add one additional iptables command to what we had in section 5. Specifically, you need to explicitly allow connections to the machine on port 3128 (or any other port squid is listening on), otherwise the machine will just forward them over to the other interface like a good little bridge. Here's the magic words:
* iptables -A INPUT -i interface -p tcp -d your_bridge_ip -s local-network --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
Replacing interface with the interface that corresponds to your_bridge_ip (typically eth0 or eth1). First time bridge users should also note that you'll probably want to repeat the same command with ``3128'' replaced by ``telnet'' if you want to administer your bridge remotely.
不过,to ssffzz1:
如果定向到另外一台squid服务器,其实本质是一样的。还是不能放到一起完全透明。
曾有关于IP挟持的想法,不过似乎还是不可行。始终需要一个platinum所说的"中间人",而且必须固定的“中间人”。 |
|