Re: [squid-users] redirect all ports to squid

2014-10-04 Thread Visolve Squid 
Spam detection software, running on the system master.squid-cache.org,
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:  Hi, Yes, we can redirect the ports to squid through our 
firewall
   rules. Check below lines to redirect the ports. We have some different 
methods
   to do. 1. In first Method: First, we need to machine that squid will be 
running
   on, You do not need iptables or any special kernel options on this machine,
   just squid. You *will*, however, need the 'http_accel' options as described
   above. [...] 

Content analysis details:   (5.9 points, 5.0 required)

 pts rule name  description
 -- --
 0.0 URIBL_BLOCKED  ADMINISTRATOR NOTICE: The query to URIBL was 
blocked.
See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information.
[URIs: squid-cache.org]
 0.0 HTML_MESSAGE   BODY: HTML included in message
 1.6 RCVD_IN_BRBL_LASTEXT   RBL: No description available.
[182.73.50.82 listed in bb.barracudacentral.org]
 0.7 RCVD_IN_XBLRBL: Received via a relay in Spamhaus XBL
[182.73.50.82 listed in zen.spamhaus.org]
 3.6 RCVD_IN_PBLRBL: Received via a relay in Spamhaus PBL
 0.0 UNPARSEABLE_RELAY  Informational: message has unparseable relay lines

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

---BeginMessage---

Hi,

Yes, we can redirect the ports to squid through our firewall rules.

Check below lines to redirect the ports.
We have some different methods to do.
1. In first Method:
First, we need to machine that squid will be running on, You do not 
need iptables or any special kernel options on this machine, just squid. 
You *will*, however, need the 'http_accel' options as described above.


You'll want to use the following set of commands on iptables-box:

 * iptables -t nat -A PREROUTING -i eth0 -s ! *squid-box* -p tcp
   --dport 80 -j DNAT --to *squid-box*:3128
 * iptables -t nat -A POSTROUTING -o eth0 -s *local-network* -d
   *squid-box* -j SNAT --to *iptables-box*
 * iptables -A FORWARD -s *local-network* -d *squid-box* -i eth0 -o
   eth0 -p tcp --dport 3128 -j ACCEPT

2. And have another method:

 * iptables -t mangle -A PREROUTING -j ACCEPT -p tcp --dport 80 -s
   *squid-box*
 * iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp --dport 80
 * ip rule add fwmark 3 table 2
 * ip route add default via *squid-box* dev eth1 table 2

(OR)

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT 
--to-port 3128


Regards,
Visolve Squid

On 9/30/2014 10:11 PM, hadi wrote:

It's possible to redirect all ports to squid ? thru iptables ?
For example port 25 smtp,143 imap, etc...
Can squid handle that. In transparent mode.


___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


---End Message---
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] redirect all ports to squid

2014-09-30 Thread hadi 
It's possible to redirect all ports to squid ? thru iptables ?
For example port 25 smtp,143 imap, etc...
Can squid handle that. In transparent mode.



smime.p7s
Description: S/MIME cryptographic signature
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] redirect all ports to squid

2014-09-30 Thread Eliezer Croitoru 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Indeed using SSL-BUMP it's possible but(a bit but)..
It will not be able to handle non http\https traffic just like that.
It will require more then just squid setup and it might be a better
idea to find a better solution for you rather then using squid.

If you find one that can do it the right way please send me a link.

Eliezer

On 09/30/2014 07:41 PM, hadi wrote:
 It's possible to redirect all ports to squid ? thru iptables ? For
 example port 25 smtp,143 imap, etc... Can squid handle that. In
 transparent mode.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJUKuzFAAoJENxnfXtQ8ZQUVLAH/23Exs+zStTsI8ltn7LcZ0x6
RL1l46e68anl/hSGbeAU5FUDT3IcTmHzmnLyjQC/0VHegBHzzCn0a3lcFmFDX4xI
sH9vw+LSewSfxuQ/VRWHPUBF87T1awJQ36vWN8wanzZkFPCjvKvHdwQQIc2+Mrlq
2ALoKtYh/cZqpCjTCRJJT6//xxuHNaOkN4cp0AUNMEk8bJ2gUljNyoV7AFySeG5G
M9IqcX0BfJnazK0OxdzC18B8ENaLBcVihPdHw5JxDTx2yWsMLKFujBv9KqHbmEmF
9LvXb6pwBbD3tz6b2yrndwyLix/HnwIreHCb9YyxwiBJ3w7PW4whMbBJt/yFPTg=
=MyrY
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] redirect all ports to squid

2014-09-30 Thread Eliezer Croitoru 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 09/30/2014 08:30 PM, Leonardo Rodrigues wrote:
 Other protocols, SMTP, IMAP, POP3, etc etc etc, cannot be handled
 by squid.
They cannot be interpreted but can be handled with a none rule for
ssl bump.

Eliezer
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEcBAEBAgAGBQJUKuz9AAoJENxnfXtQ8ZQUvEgH/i/rl/NFDwbYN+afuaaMYace
rSunwCJDtJPZJ5XQg197c3peDuGILnep27lvCJCiUt9rhWlhfHZIqfD5D4vjJmHC
ABRsuLFrtUE19kMOalEMo4Zlwna13ky5hIMSUrue5SJK7b6+xdVPNKqXMsb9a2Nm
nWA6+IQg4zZQ3fcR6D0Jqk7VUxAPDXLLVMkNIV/YeE8sd/IX2st3+bpxel+sOegv
A3AAgUt7blkBIf1FcxN5Tl56lTmz/2OLC1EoWj7HKRCX/zEc3/IavWI6yM9AVlCI
yze0Nm0PTCoXezkee8dz/nSMfUj9ZKxo2nlJrlHs+oeeQ+piOz6nfiT6TTTOvp4=
=0+Ix
-END PGP SIGNATURE-
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users