[squid-users] Re: transparently proxying ICQ and other messengers

From: Adam Aube <[email protected]>
Date: Tue, 04 Jan 2005 12:16:11 -0500

Please don't top post (which is putting your reply above the original
message) - it makes the thread hard to follow.

Chavdar Videff wrote:
> On Tuesday 04 January 2005 04:45, Ow Mun Heng wrote:

>> Look at the SSL_ports or SSL_safe_ports (can't remember the exact name)
>> and put in the ports for ICQ and others there.

>> That's just neccesary for them to use the CONNECT method for connecting.

>> Note that these are _not_ proxying requests. Your box just acts as
>> forwarders.

> Sorry but this didn't work. Can the reason be that squid was not
> configured with --enable-ssl option?

That is for using SSL reverse proxying - it has nothing to do with normal
(forward) proxy setups.

> Would it be less secure if i just allow ICQ to pass
> through the iptables firewall and SNAT in POSTROUTING chain?

It's no less secure than CONNECT tunneling, and from Squid's standpoint it
may be more secure - fewer ports on which CONNECT is allowed.

Adam
Received on Tue Jan 04 2005 - 10:16:34 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST