[squid-users] Transparent proxy and NTLM auth
I've got the proxy working great with setting the browser configuration. Now I'm trying to get the transparent piece working, so I added the http_port 3128 transparent and set the IPTABLES rule to route the packets from 80 to 3128. I can see that this piece is working as it's logging my attempts in the squid/access.log file. In switching between transparent and not-transparent I see that the source IP address switches from 127.0.0.1 (not-transparent) to my local PC IP address in transparent mode. I think because of this I'm getting an access denied.

Trouble is... What in squid controls this? Any ideas?

Thanks!
Scott

Re: [squid-users] Internal DNS / External DNS configuration in squid
Hello,

That's not something squid can do. You can do that with some limitations by configuring your DNS server using forwarding zones for your internal domains. You may want to set a dedicated server up for your proxies.

Happy 2009!

On 12/31/08, Tharanga Abeyseela thara...@roomsnet.com wrote:
> Hi folks,
>
> I am using squid 3 as my proxy and it has different ACLs. I need to use internal usernames (u...@mydomain.com) in the access control list instead of IPs. But my issue is I am resolving the names from an external DNS server. Is there any way I can get squid to use internal IPs from an internal DNS server and others from an external DNS server? This will ease my task.
>
> many thanks,
> Tharanga Abeyseela

--
/kinkie

[squid-users] NTLM and transparent/interception confusion
I've been doing a lot of reading on this... I've got the proxy working in either of these two modes:

1) As a browser configuration proxy
2) with http_port 3128 transparent, in redirected mode

I've got NTLM authentication working just fine with #1 above. However, with #2 I never get a password prompt. I don't really care about transparency; I just want to authenticate users that are outbound without having to configure their browser.

I asked this question a couple of months back and there are people stating that they are doing the authentication with transparent mode. Some of the references I've found in my searches also seem to corroborate the possibility of this working (but it's not working for me). However, in the documentation it seems that this should not be possible. Am I barking up the wrong tree or is this truly possible?

Thanks
Scott

Re: [squid-users] NTLM and transparent/interception confusion
On 31.12.08 13:06, Johnson, S wrote:
> I've been doing a lot of reading on this... I've got the proxy working in either of these two modes:
>
> 1) As a browser configuration proxy
> 2) with http_port 3128 transparent, in redirected mode
>
> I've got NTLM authentication working just fine with #1 above. However, with #2 I never get a password prompt. I don't really care about transparency; I just want to authenticate users that are outbound without having to configure their browser.

Configure WPAD (aka proxy autoconfiguration) then. It's principally impossible to have the browser log in to the proxy when the browser thinks there's no proxy...

> I asked this question a couple of months back and there are people stating that they are doing the authentication with transparent mode.

The proxy can get some login info from a third party, e.g. a domain controller, that tells it who's logged on to the particular machine. The browser won't do it, as described above.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/

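The WPAD suggestion above, as an added example that is not part of the original thread: a proxy auto-config (PAC) function that a WPAD server could hand to browsers, so that they know a proxy is in use and can answer its authentication challenge. The two proxy addresses and port 3128 are assumptions borrowed from values mentioned on this page, and `hostHash` is a hypothetical helper.

```javascript
// proxy.pac / wpad.dat sketch (added example, not from the thread).
// Assumed proxies: the two addresses and the port mentioned on this page.
var PROXIES = ["10.200.2.1:3128", "10.200.2.2:3128"];

// Hypothetical helper: small deterministic hash so a given host always
// maps to the same first-choice proxy. That keeps an authenticated
// connection on one proxy instead of bouncing between the two.
function hostHash(host) {
  var h = 0;
  for (var i = 0; i < host.length; i++) {
    h = (h * 31 + host.charCodeAt(i)) % 65536;
  }
  return h;
}

// Browsers call this for every request. A "PROXY ..." answer makes the
// browser proxy-aware, which is what lets it respond to the proxy's
// 407 challenge; an intercepted browser never does.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Unqualified intranet names and loopback bypass the proxy.
  if (host.indexOf(".") === -1 || host === "127.0.0.1") {
    return "DIRECT";
  }

  var first = hostHash(host) % PROXIES.length;
  var order = [];
  for (var i = 0; i < PROXIES.length; i++) {
    order.push("PROXY " + PROXIES[(first + i) % PROXIES.length]);
  }

  // Entries are tried left to right, so the second is the failover.
  // No trailing "DIRECT": if both proxies are down the request fails
  // rather than leaving the network unauthenticated.
  return order.join("; ");
}
```

Browsers expect the file to be served with the MIME type `application/x-ns-proxy-autoconfig`.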
Re: [squid-users] Internal DNS / External DNS configuration in squid
Kinkie wrote:
> Hello,
>
> That's not something squid can do. You can do that with some limitations by configuring your DNS server using forwarding zones for your internal domains. You may want to set a dedicated server up for your proxies.
>
> Happy 2009!
>
> On 12/31/08, Tharanga Abeyseela thara...@roomsnet.com wrote:
>> Hi folks,
>>
>> I am using squid 3 as my proxy and it has different ACLs. I need to use internal usernames (u...@mydomain.com) in the access control list instead of IPs. But my issue is I am resolving the names from an external DNS server. Is there any way I can get squid to use internal IPs from an internal DNS server and others from an external DNS server? This will ease my task.

Hi Tharanga,

I don't know what is in your case. But I would recommend you to use VIEWS in your internal DNS server, matching your proxy server(s) to read the internal DNS database and others the external DNS server.

But again, I agree, as Kinkie said, this is not what squid can do for you.

Regards,
Pritam

>> many thanks,
>> Tharanga Abeyseela

Re: [squid-users] load balancing
Mario Remy Almeida wrote:
> Hi All,
>
> What I mean to say is..
>
> E.G:-
> SP 1 = 10.200.2.1
> SP 2 = 10.200.2.2
> LAN USERS = 10.200.2.x
>
> All LAN users should connect to SP1 or SP2 depending upon the load, and if one of the SPs is down the other should take the load.
>
> One way of achieving load balance is with DNS
>
> proxy1.example.com IN A 10.200.2.1
> proxy1.example.com IN A 10.200.2.2

Hi Remy,

I agree the DNS server could do the balancing here. But to be more precise, DNS is more appropriate for load-balancing other kinds of services like SMTP, WEB etc.

What I recommend is a router capable of web-traffic redirection, like WCCP in Cisco routers. If you want to know more about WCCP, this URL http://articles.techrepublic.com.com/5100-10878_11-6175637.html could let you know how it works.

Regards,
Pritam

> And what if the DNS server is down, and also how to do failover?
>
> //Remy
>
> On Tue, 2008-12-23 at 09:05 -0600, Luis Daniel Lucio Quiroz wrote:
>> Just remember when using load balancing, if you use digest auth, then you MUST use source persistence.
>>
>> On Tuesday 23 December 2008 08:38:27 Ken Peng wrote:
>>>> Hi All,
>>>> any links on how to configure load balancing of squid
>>>
>>> See the default squid.conf, :)