Re: [squid-users] transparent proxy setup & limiting target hosts

From: Internet Admin <[email protected]>
Date: Thu, 1 Jul 2004 08:55:46 +0800

You could actually use iptables (if you have kernel 2.4 versions) which is
very robust than ipchains. You could start looking at
www.linuxhelp.net/guides there are some basic and advanced config for
iptables and ipchains including rerouting clients from one port to your
desired port.

----- Original Message -----
From: "Linda W." <squid-user@tlinx.org>
To: "Squid Users" <squid-users@squid-cache.org>
Sent: Thursday, July 01, 2004 6:35 AM
Subject: [squid-users] transparent proxy setup & limiting target hosts

> I've never setup a squid proxy in transparent mode. Am I correct in
> assuming
> I need to also have ip_chains in my kernel to route the traffic from my
> internal net to the outside world or would simple entries to the routing
> table work?
>
> I only have 1-2 addresses that I want to transparently proxy -- I have a
> network device that wants to speak to some http servers but doesn't know
> about http
> proxies.
>
> Am looking for a least effort approach that will allow the device to
contact
> it's server, but I don't want to open access to any other http servers.
>
> As a minor addition, I want to limit access to this proxy only from this
> network device (at a fixed address assigned by my internal DHCP
> server). I know that
> should be trival using ACL's, but it would be "cool" if I could use my
> existing
> running copy of squid3beta to serve it's current function of an
> 8080-based http proxy as well as providing the transparent service to
> the dumb network device.
>
> It doesn't appear to be entirely straight forward since if I config my
> internal
> ethernet interface to respond as the external host, I'm not sure that
plain
> 'route' commands would be able to handle the task of forwarding the
traffic.
>
> Haven't gotten into ipchains configuration yet, and wanted to avoid
> adding that
> complexity if it is not necessary as complexity is the enemy of
> reliability and security as a "general" rule...:-)
>
> TIA for suggestions/answers...
>
> I haven't found much in the documentation about transparent proxying...
>
> (oh for a manpage .....:-))
>
> -linda
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner which is
> installed at www.sscrmnl.edu.ph and believed to be clean.
> Report abuse from this domain at abuse@sscrmnl.edu.ph

-- 
This message has been scanned for viruses and
dangerous content by MailScanner which is
installed at www.sscrmnl.edu.ph and believed to be clean.
Report abuse from this domain at abuse@sscrmnl.edu.ph
Received on Wed Jun 30 2004 - 18:56:11 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Jul 01 2004 - 12:00:03 MDT