[c-nsp] Transparent Proxy
Mark Tinka
mtinka at globaltransit.net
Tue Jul 22 07:26:45 EDT 2008
On Tuesday 22 July 2008 00:16:02 Rhino Lists wrote:
> access-list 111 deny tcp any any neq www
> access-list 111 deny tcp host 192.168.1.188 any
> access-list 111 permit tcp any any log
Try this for your ACL, instead:
deny tcp host ip.of.squid.box any eq www
permit tcp your.ip.net.block your.block.net.mask any eq www
Obviously, make sure your (I'm assuming) Squid box is set up
to properly capture the redirected packets and forward them
to the port it's listening on for processing.
However, as others have noted, consider WCCP - it scales
better.
Cheers,
Mark.
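An added example, not part of the original message: a small Python model of first-match ACL evaluation that compares the quoted ACL 111 with the suggested one. Treating 192.168.1.188 as the Squid box, the client block 192.168.1.0/24, and the sample packets are assumptions made for illustration.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

ANY = net("0.0.0.0/0")
WWW = 80  # the IOS keyword "www" is TCP port 80

# Each entry: (action, source network, predicate on destination port).
# ACL 111 as quoted in the thread.
QUOTED_ACL = [
    ("deny",   ANY,                     lambda p: p != WWW),  # any any neq www
    ("deny",   net("192.168.1.188/32"), lambda p: True),      # host 192.168.1.188 any
    ("permit", ANY,                     lambda p: True),      # any any log
]

# The suggested ACL with its placeholders filled by assumed values.
# IOS would take the /24 as a wildcard mask: 192.168.1.0 0.0.0.255.
SUGGESTED_ACL = [
    ("deny",   net("192.168.1.188/32"), lambda p: p == WWW),  # Squid's own fetches
    ("permit", net("192.168.1.0/24"),   lambda p: p == WWW),  # client block
]

def evaluate(acl, src_ip, dst_port):
    """Return the action of the first matching entry, else the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for action, src_net, port_ok in acl:
        if src in src_net and port_ok(dst_port):
            return action
    return "deny"

# Constructed sample TCP packets: (description, source IP, destination port).
SAMPLES = [
    ("client web request",      "192.168.1.20",  80),
    ("Squid fetching upstream", "192.168.1.188", 80),
    ("client HTTPS",            "192.168.1.20",  443),
    ("source outside block",    "10.9.9.9",      80),
]

def compare():
    """Map each sample to (quoted ACL result, suggested ACL result)."""
    return {name: (evaluate(QUOTED_ACL, ip, port), evaluate(SUGGESTED_ACL, ip, port))
            for name, ip, port in SAMPLES}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:26} quoted={old:6} suggested={new}")
```

Only the last sample differs: the quoted ACL matches port-80 traffic from any source, while the suggested one matches only the stated block and leaves everything else to the implicit deny.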