I read in the m0n0wall documentation that transparent proxying is not supported because of the issue of figuring out what the actual HTTP request is. I have pretty much the same situation as described here: http://m0n0.ch/wall/list/?action=show_msg&actionargs%5B%5D=106&actionargs%5B%5D=46

         WAN
          |
          |
        M0n0-----DMZ (proxy server = 10.0.1.2)
          |
          |
          |
         LAN (clients - 10.0.0.0/28)

The idea is to have HTTP traffic forced through the proxy server, which is in fact possible with m0n0wall and squid under Linux. I followed the squid docs on transparent proxies (http://www.squid-cache.org/Doc/FAQ/FAQ-17.html), adding these lines to my squid.conf so that squid recognizes hijacked connections:

    http_port 8080
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

Then I added a redirect rule in m0n0wall via exec.php:

    echo "rdr rl0 0/0 port http -> 10.0.1.2 port 3128" > rules
    ipnat -f rules

And lo and behold, any traffic on port 80 going into my LAN interface is redirected to the squid proxy. Obviously this will not work for situations where the proxy server resides on the LAN interface, but with some tweaking of the redirect rule it should be possible. Also I don't know about other proxy servers and whether they can intercept hijacked connections.

Regards,
Frans
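Added example, not part of Frans's post: a small POSIX shell check that the port an ipnat rdr rule redirects clients to is one that squid actually listens on, since the redirect only works when the two agree. The sample squid.conf and rules file are constructed inline from the lines quoted above; the temp directory is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: before loading an ipnat rdr rule,
# confirm that the port it redirects to is a port squid actually listens on
# (clients redirected to a port squid does not bind get connection refused).
# Assumes the IPFilter "rdr ... -> host port N" syntax used in the post.

# Print every port squid listens on, from http_port lines ("8080" or "host:8080").
squid_ports() {
    sed -n 's/^[[:space:]]*http_port[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1" |
        sed 's/.*://'
}

# Print the target port of every rdr line in an ipnat rules file.
rdr_target_ports() {
    sed -n 's/^[[:space:]]*rdr .*->[[:space:]]*[^[:space:]]*[[:space:]]\{1,\}port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1"
}

# Return 0 when every rdr target port appears as a squid http_port, 1 otherwise.
check_rdr_matches_squid() {
    _conf=$1; _rules=$2; _rc=0
    for _p in $(rdr_target_ports "$_rules"); do
        if ! squid_ports "$_conf" | grep -qx "$_p"; then
            echo "rdr sends clients to port $_p but squid.conf has no http_port $_p" >&2
            _rc=1
        fi
    done
    return $_rc
}

# Demo on constructed copies of the files from the post (placeholder temp dir).
demo_dir=$(mktemp -d)
cat > "$demo_dir/squid.conf" <<'EOF'
http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
echo 'rdr rl0 0/0 port http -> 10.0.1.2 port 3128' > "$demo_dir/rules"
if check_rdr_matches_squid "$demo_dir/squid.conf" "$demo_dir/rules"; then
    echo "rdr target and squid http_port agree; safe to run: ipnat -f rules"
else
    echo "fix squid.conf or the rdr rule before running ipnat -f rules"
fi
rm -rf "$demo_dir"
```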