 
 From:  "Frans King" <frans dot king at f333 dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Transparent HTTP proxy
 Date:  Sun, 13 Feb 2005 01:50:49 -0000
> -----Original Message-----
> From: MrManiac's Listings [mailto:mrmaniac dot lists at gmail dot com]
> Sent: 13 February 2005 00:19
> To: 
> Subject: Re: [m0n0wall] Transparent HTTP proxy
> 
> Hi!
> Is it your intention, that squid runs on port 8080, but your redirect
> rule points to port 3128?
> 
> 
> On Sat, 12 Feb 2005 19:38:55 -0000, Frans King <frans dot king at f333 dot net>
> wrote:
> > I read in the m0n0wall documentation that transparent proxying is not
> > supported because of the issue of figuring out what the actual HTTP request
> > is. I have pretty much the same situation as described here
> > http://m0n0.ch/wall/list/?action=show_msg&actionargs%5B%5D=106&actionargs%5B%5D=46:
> >
> >
> > WAN
> > |
> > |
> > M0n0-----DMZ (proxy server = 10.0.1.2)
> > |
> > |
> > |
> > LAN (clients - 10.0.0.0/28)
> >
> > The idea is to have HTTP traffic forced through the proxy server which is in
> > fact possible with m0n0wall and squid under Linux.
> >
> > I followed the squid docs on transparent proxies
> > (http://www.squid-cache.org/Doc/FAQ/FAQ-17.html) adding these lines:
> >
> > http_port 8080
> > httpd_accel_host virtual
> > httpd_accel_port 80
> > httpd_accel_with_proxy  on
> > httpd_accel_uses_host_header on
> >
> > to my squid.conf so that squid recognizes hijacked connections.
> >
> > Then I added a redirect rule in m0n0wall via exec.php:
> >
> > echo "rdr rl0 0/0 port http -> 10.0.1.2 port 3128" > rules
> > ipnat -f rules
> >
> > And lo and behold, any traffic on port 80 going into my LAN interface is
> > redirected to the squid proxy.
> >
> > Obviously this will not work for situations where the proxy server resides
> > on the LAN interface but with some tweaking of the redirect rule it should
> > be possible.
> >
> > Also I don't know about other proxy servers and whether they can intercept
> > hijacked connections.
> >
> > Regards,
> >
> > Frans
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
> >
> 


No, squid is running on 3128, but if I wanted to run squid on 8080 then all I
would need to do is alter the redirect rule to direct traffic to 8080
instead of 3128.
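
The port question raised in this thread can be checked mechanically. The following is an added example, not part of the original messages: it compares the target port of each ipnat `rdr` rule with the `http_port` lines in squid.conf. The sample inputs are constructed from the settings quoted above; the function names and the small service-name table are assumptions of the example.

```python
import re

# Constructed sample inputs mirroring the settings quoted in the thread.
SQUID_CONF = """\
http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
"""
IPNAT_RULES = "rdr rl0 0/0 port http -> 10.0.1.2 port 3128\n"

SERVICES = {"http": 80, "https": 443}  # minimal service-name table (assumption)

def to_port(token):
    """Accept a numeric port or one of the service names above."""
    return int(token) if token.isdigit() else SERVICES[token.lower()]

def squid_ports(conf):
    """Ports squid listens on: 'http_port 8080' or 'http_port 10.0.1.2:3128'."""
    ports = set()
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "http_port":
            ports.add(int(fields[1].rsplit(":", 1)[-1]))
    return ports or {3128}  # squid 2.x listens on 3128 when http_port is unset

RDR = re.compile(r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\S+)\s+->\s+(\S+)\s+port\s+(\S+)")

def rdr_targets(rules):
    """(interface, matched port, target ip, target port) for each rdr rule."""
    out = []
    for line in rules.splitlines():
        m = RDR.match(line.strip())
        if m:
            ifname, _dst, dport, ip, tport = m.groups()
            out.append((ifname, to_port(dport), ip, to_port(tport)))
    return out

def mismatches(conf, rules):
    """Redirect rules whose target port is not one squid listens on."""
    listening = squid_ports(conf)
    return [r for r in rdr_targets(rules) if r[3] not in listening]

if __name__ == "__main__":
    for ifname, dport, ip, tport in mismatches(SQUID_CONF, IPNAT_RULES):
        print(f"{ifname}: port {dport} -> {ip}:{tport}, but squid listens on "
              f"{sorted(squid_ports(SQUID_CONF))}")
```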