RE: [squid-users] Transparent Proxying with SquidNT

From: Gary Price <[email protected]>
Date: Sat, 12 Apr 2003 00:04:41 +1000

Hi
Yes, I understand this point. Actually to achieve this with Solaris 8 I
have modified ipnat so you can call into it from a 32-bit process, which
you cannot do with the standard version, and that might be useful to
someone else I guess. The reason I asked about RRAS is that I do not
think it can do what I want, and just wanted to see if anyone could tell
me differently. I am tending towards a special purpose kernel mode
program for this purpose.

Thanks
Gary Price
ICT

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Friday, 11 April 2003 11:37 PM
To: Gary Price (ICT)
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Transparent Proxying with SquidNT

A small note of warning: For transparent proxying to work really well
Squid must know how to ask the NAT engine what the real intended
destination address is. If not it won't work for certain HTTP/1.0
clients not sending Host: headers.

Fortunately such clients is not very common. Mostly seen in other
"hidden" HTTP clients such as certain anti-virus update agents, custom
programs etc..

Regards
Henrik

fre 2003-04-11 klockan 02.14 skrev Gary Price (ICT):
> Hi
> I have been trying to use RRAS to set up transparent proxying on Win2K

> with squidNT2.5. I would like to use the NAT facility of RRAS to
> translate any incoming destination address to an address on the proxy
> machine, so that squid can process it. So far, I have not been able
> to do this. It appears from the documentation that with RRAS NAT it is

> possible to do either/both
>
> 1. Map a range of "client" IP addresses to one or a few "public"
> addresses. This should be suitable, except that it is not clear how to

> apply this transformation only to a specific port (80 say).
>
> 2. Translate requests from a "public" network directed at a specific
> IP address and port to another "internal" IP address and port. This is

> meant to allow external access to internal services (like a proxy?).
> This seems not to be suitable because it requires a specific list of
> IP addresses - there seems to be no way to specify that every incoming

> port 80 request, no matter to what origin server, be translated to a
> single loacl IP address.
>
> Has anyone been able to use RRAS to do transparent proxying on
> Windows?
>
> Thanks
> Gary Price
> ICT

-- 
Henrik Nordstrom <hno@squid-cache.org>
MARA Systems AB, Sweden
Received on Fri Apr 11 2003 - 08:05:23 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:14:56 MST