Re: TRANSPARENT PROXY and Squid

From: Marc Delisle <[email protected]>
Date: Thu, 12 Sep 1996 15:41:10 -0700

Eric Dumazet wrote:
>
> Hello everybody.
>
> I'am using squid-1.0.11 on a Linux machine, acting as a firewall/proxy
> for my company.
>
> After seeing the TRANSPARENT PROXY capability of recent linux kernel,
> I would like to use this with squid.
>
> The main advantage would be that my collegues would'nt have to worry about
> configuring their browser, because the linux machine is already the
> gateway for our Internet access. And I would'nt have to explain to
> my collegues how to configure their browser (!)
>
> I have done some tests about Transparent proxying :
> My squid server listen for incoming requests on port 8080.
>
> If I issue the command :
> /sbin/ipfwadm -I -a acc -P tcp -S any/0 -D any/0 80 -r 8081
>
> Then, the gateway intercepts the connection and redirects it to a local
> application listening on port 8081, instead of forwarding it to the
> real destination.
>
> The local application does an accept() and can obtain the IP address
> of the destination wanted by the browser with getsockname().
>
> This hack could be used by squid with some modifications :
>
> When the browser ask a page (the / for example), squid should receive
> GET / HTTP/1.0
>
> instead of
> GET http://www.somesite.com/ HTTP/1.0
>
> Thus, I am thinking of adding a configuration option in squid.conf,
> telling squid to listen to another port (8081 for example) for incoming
> connections, redirected by the TRANSPARENT proxy facility in the kernel.
>
> If an accept is done on this port, squid would know about the hack,
> and would issue getsockname() in order to know the IP address of the
> web server asked. Squid should insert th IP address in the request
> coming from the browser, before entering the main code of the proxy.
>
> What do you think of this idea ?
>
> Eric dumazet
> edumazet@cosmosbay.com

did you try the httpd accelerator mode?

-- 
Marc Delisle               DelislMa@CollegeSherbrooke.qc.ca              
      
Service Informatique,                              
Coll�ge de Sherbrooke      
Qu�bec.  819/564-6223
Received on Thu Sep 12 1996 - 12:40:00 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:00 MST