On 21/06/2014 1:12 a.m., Omid Kosari wrote:
> I asked this question in
> http://serverfault.com/questions/606373/transparent-proxy-cache-on-bgp-multihome
> please answer me here or there .
>
> Provider A have transparent caching with squid .
>
> In the situation which a client has multihome BGP w
I asked this question in
http://serverfault.com/questions/606373/transparent-proxy-cache-on-bgp-multihome
please answer me here or there .
Provider A have transparent caching with squid .
In the situation which a client has multihome BGP with provider A and
provider B then client does not send it
Hey Eliezer,
Thanks for the pointer...
selinux is disabled. no problem in this side.
Cisco sees it :
cata6#sh ip wccp web-cache view
WCCP Routers Informed of:
192.168.201.165
WCCP Cache Engines Visible:
194.214.158.207
194.214.158.189 <---
WCCP C
Hey,
I did not read the whole setup so sorry but I have written this article:
http://wiki.squid-cache.org/ConfigExamples/UbuntuTproxy4Wccp2
in the past which is very likely to help you to understand.
first disable SELINUX then make sure with tcpdump in what level is the
issue.
Hope it Helps,
E
Hello,
I've configured a transparent proxy as TProxy4
(http://wiki.squid-cache.org/Features/Tproxy4).
But I don't see anything in squid access log.
* OS = Linux Fedora 20.
* Cache log says at start-up :
2014/02/19 12:23:53 kid1| Accepting WCCPv2 messages on port 2048, FD 11.
2014/02/19
Thanks, error went away. All remains is my IPTable rules.
On Sat, Nov 30, 2013 at 7:45 AM, Pavel Kazlenka
wrote:
> On 11/30/2013 03:33 PM, Monah Baki wrote:
>>
>> Hi Amos,
>>
>> Thanks for the explanation. I switched to intercept yet once I restart
>> squid, I am still seeing the "No forward prox
On 11/30/2013 03:33 PM, Monah Baki wrote:
Hi Amos,
Thanks for the explanation. I switched to intercept yet once I restart
squid, I am still seeing the "No forward proxy ports configured".
The same machine later on will also be running IPtables since it has 2
NIC's in it.
You need both one 'inte
Hi Amos,
Thanks for the explanation. I switched to intercept yet once I restart
squid, I am still seeing the "No forward proxy ports configured".
The same machine later on will also be running IPtables since it has 2
NIC's in it.
Monah
On Sat, Nov 30, 2013 at 4:56 AM, Amos Jeffries wrote:
>
On 30/11/2013 10:26 a.m., Monah Baki wrote:
> Hi all,
>
>
> I'm trying to setup a transparent proxy squid 3.3.9 using the following URL:
>
>
> http://www.broexperts.com/2013/03/squid-as-transparent-proxy-on-centos-6-4/
>
> What's the difference between
>
> http_port 3128 transparent
The abov
Hi all,
I'm trying to setup a transparent proxy squid 3.3.9 using the following URL:
http://www.broexperts.com/2013/03/squid-as-transparent-proxy-on-centos-6-4/
What's the difference between
http_port 3128 transparent
and
http_port 3128
If I where to configure with http_port 3128 transparen
Hi Loïc,
Thank you for your tip.
I found the solution.
This helpt me.
Interception Proxying with PF
=
To configure an interception (a.k.a. "transparent") proxy, Squid should be
configured in ${SYSCONFDIR}/squid.conf to bind to a specific address, for example:
http_
On OpenBSD i'm not using the configuration you mentioned for squid with
OpenBSD (5.2).
Here is mine:
# Normal for with WPAD
http_port 3128
# http redirected port
http_port 3129 intercept
# https redirected port
https_port 3130 intercept ssl-bump cert=/etc/ssl/squid.crt
key=/etc/ssl/squid.key
On Mon, 4 Nov 2013 20:15:17 +0100
Marc Sontowski wrote:
> # The internal interface (connected to the local network)
> ext_if="em0"
> # The external interfaces (connected to the ipv4 and ipv6 network)
> int_if="em1"
Strangely enough, your interface macro names are switched in regard to
their corre
On Mon, Nov 04, 2013 at 07:33:18PM +0100, Marko Cupać wrote:
Before we dive deeper into this, let's clarify:
- Do you have OpenBSD as a gateway to the Internet?
Yes
- Are your physical interfaces named em0 and em1?
Yes
- Is em0 connected to LAN, em1 to your ISP?
em0 = ISP
em1 = LAN
- Can
Before we dive deeper into this, let's clarify:
- Do you have OpenBSD as a gateway to the Internet?
- Are your physical interfaces named em0 and em1?
- Is em0 connected to LAN, em1 to your ISP?
- Can you ping some public IP address from OpenBSD box?
- Can you browse the Web through OpenBSD gateway
On Mon, Nov 04, 2013 at 04:33:29PM +0100, Marko Cupać wrote:
On Mon, 4 Nov 2013 16:05:38 +0100
Marc Sontowski wrote:
# Pass all traffic to and from the local network, using quick
so that later
# rules are not evaluated if a packet match this. Some rulesets
wou
On Mon, 4 Nov 2013 16:05:38 +0100
Marc Sontowski wrote:
> # Pass all traffic to and from the local network, using quick
> so that later
> # rules are not evaluated if a packet match this. Some rulesets
> would restrict
> # local traffic much further
>
Hello,
I guess it is an easy setup but i can’t get it work.
The Setup looks like thank:
(Internet) - (DSL-Modem) -- em0 [Soekris] em1- (LAN)
- OpenBSD 5.3.
- Squid 3.2.7 (installation by pkg_add -i squid)
my /etc/squid.conf
#
# Recommended minimum Acc
Hey,
I was wondering to myself?
Why do you intercept traffic using Amazon?
You should host your proxy close enough to have good response time which
is ok if Amazon is close enough.
In order to perform your goal you will need to use the right interfaces
rules in IPTABLES.
What are you using
Setup: VPN <--> SQUID (both in Amazon EC2 classic instances, not VPC)
1) SQUID works fine by itself when I tried by configuring the browser (and
before setting SQUID as transparent proxy).
2) VPN (strongswan) works fine by itself as well.
Now I added a few iptables rules to route traffic to SQUI
On 8/08/2013 11:38 p.m., Alfredo Rezinovsky wrote:
El 07/08/13 16:02, Roman Gelfand escribió:
Is there a way I could control access to various sites based on user
irregardless of workstation they are on? All in transparent proxy.
Thanks in advance
I did this a long time ago.
I had a termina
El 07/08/13 16:02, Roman Gelfand escribió:
Is there a way I could control access to various sites based on user
irregardless of workstation they are on? All in transparent proxy.
Thanks in advance
I did this a long time ago.
I had a terminal server, so all the users came from the same IP.
I
On Wednesday 07 August 2013 at 21:02:53, Roman Gelfand wrote:
> Is there a way I could control access to various sites based on user
> irregardless of workstation they are on? All in transparent proxy.
If it's transparent, you can't get authentication credentials (username /
password).
Since y
Is there a way I could control access to various sites based on user
irregardless of workstation they are on? All in transparent proxy.
Thanks in advance
Em 27/04/13 07:22, James Harper escreveu:
That's not really a useful answer though, is it?
You can't use the regular http "WWW-Authenticate" style authentication, but you
can redirect the user to a captive portal style page and have them authenticate to that,
then redirect back to the original
> On 27/04/2013 8:52 p.m., Amir Mottaghian wrote:
> > Dear All
> >
> > Could you please guide me in order to configure authentication for
> > transparent proxy in squid?
>
> Please see the FAQ:
> http://wiki.squid-
> cache.org/SquidFaq/InterceptionProxy#Why_can.27t_I_use_authentication
> _togeth
On 27/04/2013 8:52 p.m., Amir Mottaghian wrote:
Dear All
Could you please guide me in order to configure authentication for
transparent proxy in squid?
Please see the FAQ:
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Why_can.27t_I_use_authentication_together_with_interception_proxy
Dear All
Could you please guide me in order to configure authentication for
transparent proxy in squid?
Regards
Amir.
On 24/02/2013 4:35 p.m., Roman Gelfand wrote:
yep, it is an ip based authentication.
Ah. Which is not authentication. But authorization.
Squid can also do that in transparent mode. The limitation is only about
use of HTTP auth headers on intercepted traffic.
You simply configure an external_
yep, it is an ip based authentication.
On Fri, Feb 22, 2013 at 8:40 PM, Amos Jeffries wrote:
> On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
>>
>> Please, consider the network topology below. I could always configure
>> outgoing http traffic on the firewall to authenticate with firewall
>> user.
On 23/02/2013 8:48 a.m., Roman Gelfand wrote:
Please, consider the network topology below. I could always configure
outgoing http traffic on the firewall to authenticate with firewall
user. How is this different from having squid authenticate in
transparent mode?
That is a good question. *How
Please, consider the network topology below. I could always configure
outgoing http traffic on the firewall to authenticate with firewall
user. How is this different from having squid authenticate in
transparent mode?
WAN
On 21/02/2013 4:42 a.m., Roman Gelfand wrote:
I guess the 2 don't mix as per "NOTICE: Authentication not applicable
on intercepted requests." message.
Would it follow user access control via transparent proxy? or is there
a way around the above limitation?
Please read the Interception Proxy FA
I guess the 2 don't mix as per "NOTICE: Authentication not applicable
on intercepted requests." message.
Would it follow user access control via transparent proxy? or is there
a way around the above limitation?
Thanks in advance
On 27/08/2012 10:38 a.m., Roman Gelfand wrote:
Assuming that configuring client browsers' proxy is not a problem, is
there a good (where good overweighs bad) reason to use squid
transparent proxy feature?
The only other usefulness is to catch unconfigured clients and redirect
them at a "how to
Assuming that configuring client browsers' proxy is not a problem, is
there a good (where good overweighs bad) reason to use squid
transparent proxy feature?
The reason why I am asking is I just skimmed through squid book and
they are not painting a rosy picture around transparent proxy.
Thanks i
On 8/19/2012 10:18 PM, Roman Gelfand wrote:
debian/2.6.26-2-686
Thanks for your help
Then "ip|ipfw"ipf" in not of your concern.
you need linux-netfilter.
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer ngtech.co.il
debian/2.6.26-2-686
Thanks for your help
On Sun, Aug 19, 2012 at 3:14 PM, Eliezer Croitoru wrote:
> On 8/19/2012 10:00 PM, Roman Gelfand wrote:
>>
>> My goal is to make suid as transparent proxy. I see several options.
>> Not sure which one I should be using. I am looking for standard
>> tr
On 8/19/2012 10:00 PM, Roman Gelfand wrote:
My goal is to make suid as transparent proxy. I see several options.
Not sure which one I should be using. I am looking for standard
transparent proxy server.
--enable-ipfw-transparent or --enable-ipf-transparent or --enable-pf-transparent
Thank
My goal is to make suid as transparent proxy. I see several options.
Not sure which one I should be using. I am looking for standard
transparent proxy server.
--enable-ipfw-transparent or --enable-ipf-transparent or --enable-pf-transparent
Thanks in advance
El 04/07/12 02:07, Amos Jeffries escribió:
> On 04.07.2012 07:05, Linos wrote:
>> Hi,
>> i have configured transparent proxy sometimes for the local network LAN,
>> but
>> now i want to actually control the output traffic from the machine
>> running the
>> squid itself without have to configur
On 04.07.2012 13:52, bnichols wrote:
I do it on my routers. If you have a ddwrt enabled router on your lan
you can simply put your squid in transparent mode and add the
iptables
rules/script to your firewall and save, google "DDWRT squid
transparent" and youll find it, or do it on a mikrotik is
On 04.07.2012 07:05, Linos wrote:
Hi,
i have configured transparent proxy sometimes for the local network
LAN, but
now i want to actually control the output traffic from the machine
running the
squid itself without have to configure manually browsers and other
network
programs, i can't get it
Hi,
i have configured transparent proxy sometimes for the local network
LAN, but
now i want to actually control the output traffic from the machine running the
squid itself without have to configure manually browsers and other network
programs, i can't get it to work using iptables, what r
On Tue, 2012-06-26 at 17:30 +1200, Amos Jeffries wrote:
> > Has anyone any idea how to actually Implement that in a system ?
>
> Search for information on "Captive Portal".
You might like to check out my tutorial on how to do it with iptables.
There are various "out of the box" software packages
On 26/06/2012 4:19 p.m., Markus Thüs wrote:
Dear all,
I need to implement a Proxy Solution that works as following:
1. Proxy should be implementable without any changes on the net, it should just
replace the router
Aka You are now required to perform an MITM attack on your clients.
Otherwis
>
> Dear all,
>
> I need to implement a Proxy Solution that works as following:
>
> 1. Proxy should be implementable without any changes on the net, it should
> just replace the router
> 2. Proxy should log any traffic in a logfile with username, ip and connected
> site, should work for http, ft
Dear all,
I need to implement a Proxy Solution that works as following:
1. Proxy should be implementable without any changes on the net, it should just
replace the router
2. Proxy should log any traffic in a logfile with username, ip and connected
site, should work for http, ftp, https.
3. User
On 30/04/2012 23:37, Eliezer Croitoru wrote:
i do remember that something could have been done using iptables also
but it dont remember how it should be done.
what did you tried to do on iptables?
i also found this nice iptables method sample:
http://www.pmoghadam.com/homepage/HTML/Round-robin
On 30/04/2012 23:44, Kirk Hoganson wrote:
I would like to configure our squid proxy (Version 3.0.STABLE19 on Linux
Ubuntu 10.04) to use a pool of addresses for outgoing connections. I
setup squid as a transparent proxy using "http_port 3128 transparent" in
the squid.conf, and then I setup an ipta
I would like to configure our squid proxy (Version 3.0.STABLE19 on Linux
Ubuntu 10.04) to use a pool of addresses for outgoing connections. I
setup squid as a transparent proxy using "http_port 3128 transparent" in
the squid.conf, and then I setup an iptables to provide source nat
address rota
On 23/03/2012 10:23 p.m., zozo zozo wrote:
And also by replacing port 192.168.13.1:3128 with 3128
Now squid tells that it listens to 0.0.0.0:3128, which seems not very right,
but it works
That is right. 0.0.0.0 is the textual display representation of
IPv4-only ANY address.
Amos
And also by replacing port 192.168.13.1:3128 with 3128
Now squid tells that it listens to 0.0.0.0:3128, which seems not very right,
but it works
Wed, 21 Mar 2012 15:22:25 +0400 от zozo zozo :
> Resolved by allowing port 3128 in iptables for ppp0.
> For eth0 it for some reason wasn't required - a
Resolved by allowing port 3128 in iptables for ppp0.
For eth0 it for some reason wasn't required - allowing ESTABLISHED was enough
Tue, 20 Mar 2012 15:53:57 +1300 от Amos Jeffries :
> On 20.03.2012 15:30, zozo zozo wrote:
> > Hi all
> >
> > I've setup squid and it works if I forward network from
I know this is just my opinion, but, if it was me
I would use a dedicated hardware device as the vpn/ppp client
and just pipe that out to a switch to make things less complicated
Like you could use a DDWRT enabled router, or Many other platforms to do
this dirtywork for you.
That way your wo
On 20.03.2012 15:30, zozo zozo wrote:
Hi all
I've setup squid and it works if I forward network from eth0 to wlan0
(ap mode)
But if instead of ethernet I try to use ppp0 packets, squid doesn't
forward stuff, and in access log entries were something like
0_ABORTED
(don't have those logs at hand
Hi all
I've setup squid and it works if I forward network from eth0 to wlan0 (ap mode)
But if instead of ethernet I try to use ppp0 packets, squid doesn't forward
stuff, and in access log entries were something like 0_ABORTED (don't have
those logs at hand, will provide more info tomorrow)
Ports
On 07.03.2012 11:00, pplive wrote:
Dear Amos,
Finally I have solved the problem!
The thing is, when I redirect the http.alt packet from the switch, I
need to modify the dst mac address as the mac address of the squid3
machine.
After doing this, a simple command works as follows:
yeung@nodec1:
Dear Amos,
Finally I have solved the problem!
The thing is, when I redirect the http.alt packet from the switch, I
need to modify the dst mac address as the mac address of the squid3
machine.
After doing this, a simple command works as follows:
yeung@nodec1:/var/log/squid3$ sudo iptables -t nat
Dear Amos,
Thanks for your great hint of "tcpdump gets packets before any of the
iptables etc handling gets done to them" and " We have to rely on
ebtables/iptables LOG functionality for those bits"
Now I start debugging iptables, using
sudo iptables -t nat -A PREROUTING -p tcp --dport 8080 -j LO
On 06.03.2012 11:09, pplive wrote:
Dear Amos,
To see whether there were some internal firewall in my system , I
tried a simpler topology, i.e.,
Client (10.0.0.1) (eth0) -> (eth0) Squid3 (eth1) -> (eth0) Server
(10.0.0.2)
I just follow the setting in
http://freecode.com/articles/configuring-
Dear Amos,
To see whether there were some internal firewall in my system , I
tried a simpler topology, i.e.,
Client (10.0.0.1) (eth0) -> (eth0) Squid3 (eth1) -> (eth0) Server (10.0.0.2)
I just follow the setting in
http://freecode.com/articles/configuring-a-transparent-proxywebcache-in-a-bridge-
Dear Amos,
I did restart the networking.
When I just to review all iptables settings, from tcpdump we can see
09:35:23.830038 IP nodes-links.37711 > noder-linkr.http-alt: Flags
[S], seq 3652549612, win 5840, options [mss 1460,sackOK,TS val
59678297 ecr 0,nop,wscale 6], length 0
09:35:26.827763 I
On 5/03/2012 4:29 p.m., pplive wrote:
Dear Amos,
On Sun, Mar 4, 2012 at 9:44 PM, Amos Jeffries wrote:
On 05.03.2012 06:40, pplive wrote:
Dear Amos,
Thanks a lot! By looking at your URL, I have enter the following
commands in my squid3 machine (my HTTP service is at PORT 8080), the
squid3 prox
Dear Amos,
On Sun, Mar 4, 2012 at 9:44 PM, Amos Jeffries wrote:
> On 05.03.2012 06:40, pplive wrote:
>>
>> Dear Amos,
>>
>> Thanks a lot! By looking at your URL, I have enter the following
>> commands in my squid3 machine (my HTTP service is at PORT 8080), the
>> squid3 proxy machine is at 10.0.3
On 05.03.2012 06:40, pplive wrote:
Dear Amos,
Thanks a lot! By looking at your URL, I have enter the following
commands in my squid3 machine (my HTTP service is at PORT 8080), the
squid3 proxy machine is at 10.0.3.1, HTTP server (noder) is at
10.0.2.1, HTTP client (nodes) is at 10.0.1.1:
yeung@
Dear Amos,
Thanks a lot! By looking at your URL, I have enter the following
commands in my squid3 machine (my HTTP service is at PORT 8080), the
squid3 proxy machine is at 10.0.3.1, HTTP server (noder) is at
10.0.2.1, HTTP client (nodes) is at 10.0.1.1:
yeung@nodec1:~$ sudo iptables -t nat -A PRE
On 3/03/2012 12:51 p.m., pplive wrote:
Dear all,
I try to configure a transparent web proxy through squid 3, here is
the network topology
Users -> Switch -> Internet
Users means a couple of PCs, all of them have public IP, all of them
are connected to a switch. One PC among them is designed
Dear all,
I try to configure a transparent web proxy through squid 3, here is
the network topology
Users -> Switch -> Internet
Users means a couple of PCs, all of them have public IP, all of them
are connected to a switch. One PC among them is designed to be a proxy
machine. The switch is progra
On 1/02/2012 11:53 p.m., jp_listero wrote:
thanks amos,
so, the server side configuration is fine ... and the browser must set
to auto-detect the proxy. Is that correct ?
Yes.
Amos
thanks amos,
so, the server side configuration is fine ... and the browser must set
to auto-detect the proxy. Is that correct ?
2012/1/31 Amos Jeffries :
> On 01.02.2012 12:17, jp_listero wrote:
>>
>> Hi all,
>>
>> I'm at opensuse 12.1 ... with his susefirewall2 ...
>> I configure a transparent
On 01.02.2012 12:17, jp_listero wrote:
Hi all,
I'm at opensuse 12.1 ... with his susefirewall2 ...
I configure a transparent proxy ... all most everything works fine
...
when I try to connect a https site I have different errors:
from messages:
Jan 31 21:12:26 ladificil squid[2588]: parseHttp
Hi all,
I'm at opensuse 12.1 ... with his susefirewall2 ...
I configure a transparent proxy ... all most everything works fine ...
when I try to connect a https site I have different errors:
from messages:
Jan 31 21:12:26 ladificil squid[2588]: parseHttpRequest: Unsupported
method '#026#003#001'
On 05/10/11 03:36, Almighty wrote:
Thanks for that Alex.
I have used wpad in the past but I had to ensure that the browsers had
"Automatically detect settings" ticked. It's for a wireless network so they
are not on our domain. We purely use NTLM for authentication and
verification that they are
our domain. No problems, Im
having a looking at NoCatSplash (catch-and-release) software to see if this
will work.
Thanks again.
-Original Message-
From: Alex Crow [mailto:a...@nanogherkin.com]
Sent: 03 October 2011 17:57
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Transpare
Almighty,
You can't do transparent and NTLM auth together, as in order to do NTLM
the browser must be configured to know it's using a proxy. Unless, as
your handle suggests, you are indeed omnipotent ;-)
This question and ones like it come up a lot - and there is a simple
solution if you are
Hi,
I am redirecting my clients to my proxy server transparently using IPTABLES,
-A PREROUTING -p tcp -m tcp -i eth0 --dport 80 -j REDIRECT --to-ports 8080
I am also using ntlm authentication that forces all connections to
authentication to AD.
The redirect works fine except squid says "Cache
On 13/07/11 19:20, WiNET . wrote:
On Wed, Jul 13, 2011 at 1:20 PM, Amos Jeffries wrote:
Thank you.
Because the way chained proxies work proxy1 is just another client to
proxy2.
Are they both caching? that would make proxy1 only pass requests through
proxy2 when the object is expired/stale.
On Wed, Jul 13, 2011 at 1:20 PM, Amos Jeffries wrote:
> Thank you.
>
> Because the way chained proxies work proxy1 is just another client to
> proxy2.
>
> Are they both caching? that would make proxy1 only pass requests through
> proxy2 when the object is expired/stale. In that case both proxies
On 13/07/11 16:53, WiNET . wrote:
On Wed, Jul 13, 2011 at 11:45 AM, Amos Jeffries wrote:
Please explain...
What type of "transparent"? and how is the network "set"?
What type of "transparent"?
And how exactly do you configure "over" transparency from the client end?
i only know how se
On Wed, Jul 13, 2011 at 11:45 AM, Amos Jeffries wrote:
>
> Please explain...
>
> What type of "transparent"? and how is the network "set"?
>
> What type of "transparent"?
> And how exactly do you configure "over" transparency from the client end?
>
i only know how set the usual one, i don't kno
Please explain...
On Wed, 13 Jul 2011 10:32:28 +0800, WiNET . wrote:
i see when a network set to transparent proxy
What type of "transparent"? and how is the network "set"?
over another transparent
proxy,
What type of "transparent"?
And how exactly do you configure "over" transparency
i see when a network set to transparent proxy over another transparent
proxy, the proxy won't get any cache from the other one. is there any
way to work with this?
On 20/04/11 19:49, cc wrote:
Amos Jeffries wrote:
Only if the first of those rules is broken.
... -i $INET_IF -s $INET_IP matches traffic from another machine called
$INET_IP outside the current box.
Hi Amos,
I don't seem to be getting anywhere.
Given that I redirect all outgoing port 80
Amos Jeffries wrote:
> Only if the first of those rules is broken.
>
> ... -i $INET_IF -s $INET_IP matches traffic from another machine called
> $INET_IP outside the current box.
Hi Amos,
I don't seem to be getting anywhere.
Given that I redirect all outgoing port 80 traffic to the localhost:3
On 20/04/11 18:19, cc wrote:
Hi Amos,
Amos Jeffries wrote:
LO_REDIRECT=3129
$IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
--dport $HTTP -j ACCEPT
$IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp -s $LAN_NET --dport $HTTP \
-j REDIRECT --to-
Hi Amos,
Amos Jeffries wrote:
>> LO_REDIRECT=3129
>> $IPTB -t nat -A PREROUTING -i $INET_IF -s $INET_IP -p tcp \
>>--dport $HTTP -j ACCEPT
>> $IPTB -t nat -A PREROUTING -i $DMZ_IF -p tcp -s $LAN_NET --dport $HTTP \
>> -j REDIRECT --to-ports $LO_REDIRECT
On 20/04/11 16:18, cc wrote:
Hi,
I have a firewall which also serves as a transparent proxy
system. So all forward 80 ports are sent to the localhost(I
think)'s 3129 port.
I've read
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect,
and my netfilter rules are:
LO_REDIRECT=31
Hi,
I have a firewall which also serves as a transparent proxy
system. So all forward 80 ports are sent to the localhost(I
think)'s 3129 port.
I've read
http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect,
and my netfilter rules are:
LO_REDIRECT=3129
$IPTB -t nat -A PREROUTING -
On 16/04/11 08:52, Henry Yuan wrote:
Hi folks,
A caveat, I don't have practical network management experience, so the
following could be totally nonsense
Hi folks,
A caveat, I don't have practical network management experience, so the
following could be totally nonsense
---
On 06/04/11 20:28, Paweł Mojski wrote:
Hi Guys;
I'm new one on the list so at the beginning I'd like to say hello to all
regular readers :)
I'm using squid (3.1.1 at this moment) in huge service and I'm wondering
about one think.
c) Can squid proxy SSL requests transparently ?
Yes. But on
Hi Guys;
I'm new one on the list so at the beginning I'd like to say hello to all
regular readers :)
I'm using squid (3.1.1 at this moment) in huge service and I'm wondering
about one think.
c) Can squid proxy SSL requests transparently ?
Yes. But only for one definition of "transparent
On Wed, 06 Apr 2011 08:40:32 +1200, Mike Bordignon (GMI) wrote:
Hello
I'm using squid 3.1.6 on Debian Squeeze. I run two instances of squid
- on port 3128 and 3129. The instance on port 3128 services my LAN
clients, authenticating via Kerberos/negotiate. The other instance
acts as a transparent
Hello
I'm using squid 3.1.6 on Debian Squeeze. I run two instances of squid -
on port 3128 and 3129. The instance on port 3128 services my LAN
clients, authenticating via Kerberos/negotiate. The other instance acts
as a transparent proxy (via a DNAT rule on a router).
I have two questions.
Hello all,
Anyways I sorted it my self. The problem was with my ip configuration.
I have created IP Aliasing in my LAN nic. that is it had 2 IPs. one
in 10.10.10.1 which is the gateway for my one set of LAN clients. The
other was 192.168.1.150 which I was supposed to add to add other
clients. But
On 04/02/11 00:50, Jayakrishnan wrote:
Dear all,
I am shamed to tell you that I have same old problem with transparent
proxying. Please help me out with this.
Sure.
Answer:
it is not possible to "transparent proxy" any protocol other than
plain HTTP with Squid.
There you go. Problem solv
Dear all,
I am shamed to tell you that I have same old problem with transparent
proxying. Please help me out with this.
I have created a squid 2.6 stable 21 proxy on RHEL 5.4 (Default rhel
squid package). A caching DNS Server on the same machine. IPTABLES for
packet filtering and for maing proxy
On 08/01/11 05:43, Alibek Bolatov wrote:
OS: CentOS 5,5, 2.6.18-194.26.1.el5
Squid 2.6.STABLE21 (from repo, with --enable-wccpv2 options)
Cisco 7201 (Cisco IOS Software, 7200 Software (C7200P-IK91S-M),
Version 12.2(31)SB17, RELEASE SOFTWARE (fc1), image file
c7200p-ik91s-mz.122-31.SB17.bin)
I ca
OS: CentOS 5,5, 2.6.18-194.26.1.el5
Squid 2.6.STABLE21 (from repo, with --enable-wccpv2 options)
Cisco 7201 (Cisco IOS Software, 7200 Software (C7200P-IK91S-M),
Version 12.2(31)SB17, RELEASE SOFTWARE (fc1), image file
c7200p-ik91s-mz.122-31.SB17.bin)
I can not configure a transparent proxy.
I here
1 - 100 of 572 matches
Mail list logo
