[K12OSN] transparent proxying fix??
Eric Harrison
eharrison at mail.mesd.k12.or.us
Fri Aug 11 16:27:59 UTC 2006
Burke Almquist wrote:
> To me that makes more sense. Why would you be proxying traffic on the
> external interface??
<Standard disclaimer: I'm re-inventing history here>
I believe the logic went like this:
1) Is it 100% safe to assume that eth0 is the internal interface? No.
2) Is it 100% safe to have the redirect on all interfaces? Yes.
therefore: it makes sense to have the redirect on all interfaces.
You have presented an edge-case that proves assumption #2 to be incorrect.
That leaves us with the problem of finding a new way to mitigate
assumption #1 ;-)
-Eric
> On Aug 4, 2006, at 1:17 PM, Eric Harrison wrote:
>
>> Burke Almquist wrote:
>>> The transparent proxy script should only redirect traffic on the
>>> internal interface to the squid/squidguard/dg port. I've noticed that
>>> it doesn't do this, it redirects traffic from both interfaces. Is this
>>> intentional or accidental? Am I missing something?
>>>
>>
>> The transparent proxy script has not been changed in years, I honestly
>> can't remember all of the design considerations ;-)
>>
>>
>> The intent is that a transparent proxy server should *ONLY* be a
>> transparent proxy server, it should not be a general-purpose server.
>>
>>
>> I'll take another look at it. The suggestion of limiting it to the
>> internal interface only may very well be a better way to go.
>>
>> -Eric
>>
More information about the K12OSN
mailing list