estion mark :-)
It would be a good idea to have a look at some packet captures and see
what is going on.
It's been about a decade since I worked with transparent proxies, but
remember it being a bit of a pain in certain circumstances.
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpe
do Source NAT, don't
you?
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
smime.p7s
Description: S/MIME Cryptographic Signature
t, if it is not then perhaps you would want something like this:
ISP
|
|
ISP Router
|
|
Your FirewallDMZYour Proxy
|
|
|
Switch
|
Your LAN PCs.
On Wed, Apr 30, 2014 at 4:32 PM, Giles Coochey wrote:
On 30/04/2014 11:57, Dwijadas Dey wrote:
ISP
|
|
|
Linksys Router
|
|
over the IP of the proxy and gain access to the Internet
for itself. If you put the proxy in a DMZ then it is further protected
from this kind of attack.
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http
But wait, what other requirements do you have that a HTTP proxy server
can provide? If you don't have any, you don't need a proxy server
because it will only get in the way.
Perhaps circumventing a national firewall???
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7
On 25/05/2012 15:35, Thomas York wrote:
I have a lab environment set up using two Debian Wheezy servers (Squeeze
doesn't have a new enough kernel or iptables to do TPROXY properly). One of
the servers is a router and the other is a proxy server. There are several
clients connected to the router t
On 16/05/2012 13:39, Sylvio Cesar wrote:
2012/5/15 Amos Jeffries:
On 16.05.2012 13:32, Sylvio Cesar wrote:
Thanks Amos,
2012/5/15 Amos Jeffries:
On 16.05.2012 09:20, Sylvio Cesar wrote:
Hi,
- It possible do cache of port 443 with SSL Reverse Proxy?
Yes.
Where I find information a
On 14/05/2012 19:06, ql li wrote:
搏�'濈-妷雤黔o*^z皑瀢湺*'�)瀡嫮��//==
Hi,
I don't know if you can try English (however bad it might be?).
Thanks
Giles
smime.p7s
Description: S/MIME Cryptographic Signature
you a way.
--
Best Regards,
Giles Coochey, CCNA Security, CCNA
NetSecSpec Ltd
giles.cooc...@netsecspec.co.uk
Tel: +44 (0) 7983 877 438
Live Messenger: gi...@coochey.net
http://www.netsecspec.co.uk
http://www.coochey.net
smime.p7s
Description: S/MIME Cryptographic Signature
On 24/01/2012 19:20, Oliver Marshall wrote:
Nope. Shouldn't really have to hunt in the headers. There should be clear
unsubscribe information present within the email body itself.
Enough, it's an FAQ
http://www.comfsm.fm/computing/squid/FAQ-1.html#ss1.10
smime.p7s
Description: S/MIME Cryp
On 2012-01-19 17:37, Sebastian muniz wrote:
Reading at squid site, looks like NATting outgoing connections to a
squid running on an other box is not a good idea.
Questions:
What is the suggested way to implement this scenario?
How can I get rid of the loop?
THanks in advance.
You might look
erent hostnames.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
smime.p7s
Description: S/MIME Cryptographic Signature
use real problems. I agree that policy routing is a better
implementation, although a lot more complex for some to set up and, I'm
guessing, would probably require a custom kernel recompile for many
distributions.
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 2
s to 6.1??
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
smime.p7s
Description: S/MIME Cryptographic Signature
ing for Ralf to correct me on that one!! ;-)
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile: +350 5401 6693
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
smime.p7s
Description: S/MIME Cryptographic Signature
On 27/01/2011 15:21, Ralf Hildebrandt wrote:
* Giles Coochey:
On 27/01/2011 15:08, Ralf Hildebrandt wrote:
E.g. in Debian it's squid and squid3 -- just check which one is running right
now
He compiled from source though...
Well yes, but if he/she had been running Debian, then the pac
On 27/01/2011 15:08, Ralf Hildebrandt wrote:
E.g. in Debian it's squid and squid3 -- just check which one is running right
now
He compiled from source though...
--
Best Regards,
Giles Coochey
NetSecSpec Ltd
NL T-Systems Mobile: +31 681 265 086
NL Mobile: +31 626 508 131
GIB Mobile:
On 15/10/2010 13:54, jose perez wrote:
Hello.
I run a squid proxy server 2.7 and several pcs access to internet through it on
a network environment.
My windows xp clients cannot time sync to the outside world (time.nist.gov ,
time-a.nist.gov). It is using 3128 port and internet navigation is rig
http://en.wikipedia.org/wiki/X-Forwarded-For
You can turn it off with:
forwarded_for off
http://www.squid-cache.org/Doc/config/forwarded_for/
> On 6/10/2010, at 10:36 PM, Giles Coochey wrote:
>
>> On Wed, October 6, 2010 11:25, Daniel Herbert-Ward wrote:
>>> Hi guys, I woul
On Wed, October 6, 2010 11:25, Daniel Herbert-Ward wrote:
> Hi guys, I would like to change the external IP address of my whole
> network by using squid 3. As in, I know there is a way to show the clients
> IP address of THEIR machine when they go to a site like www.whatismyip.com
> But I have no i
On Wed, September 29, 2010 11:03, Daniel Herbert-Ward wrote:
> I have a internet connection speed of 15mbps. I have a iMac with 512mb of
> ram, with the squid proxy running on that machine (Mac OSX 10.4) The
> machine is setup for others to transparently connect to the proxy via that
> machine. The
21 matches
Mail list logo