 From:  Marko Vukovic <marko at aquamanta dot co dot za>
 To:  "Graham, Robert" <rgraham at mem dash ins dot com>, m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Transparent Proxy Support
 Date:  Tue, 22 Nov 2005 23:04:38 +0200
Graham, Robert wrote:
> Marko,
> The whole reason why we need this feature is for URL filtering with
> SecureComputing's "Smartfilter" product.  In our Production LAN
> environment, we have the client configured to point to the squid
> server for both http and https, and it works fine.  In this project,
> we are going to provide wireless capabilities for our board members
> and vendors and we want to make it as transparent as possible and not
> reconfigure their clients every time they visit.  As far as the ftp is
> concerned, since we changed the gateway of the clients to point to
> the squid server, how would you go about redirecting them to the
> m0n0wall?

That's the whole point. Regardless of what filter you're using and 
whether you are intercepting or not, the Squid machine becomes the 
default gateway for clients. As I mentioned in my first email, you turn 
on packet forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

There is no proxy configuration whatsoever on the client side.

You won't be able to intercept HTTPS for the same reason you cannot
do it with FTP, i.e. the browser is not talking the correct protocol.
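
The protocol mismatch described in the last paragraph, as an added example that is not part of the original message: it classifies the first bytes a proxy would receive from a proxy-configured client versus a redirected one, and shows which cases still expose a URL for a filter to act on. The function name, the labels and the sample byte strings are constructed for illustration, and example.com is a placeholder host.

```python
# Added illustration: what a proxy sees first on a connection, by client setup.
# All sample byte strings are constructed; example.com is a placeholder host.
SAMPLES = {
    "configured http": b"GET http://example.com/a HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "configured https": b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n",
    "intercepted http": b"GET /a HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "intercepted https": bytes.fromhex("160301002f010000"),  # start of a TLS handshake record (truncated)
    "intercepted ftp": b"USER anonymous\r\n",
}


def classify_first_bytes(data: bytes) -> dict:
    """Return the kind of traffic and the URL a filter could act on, if any."""
    # TLS record: content type 0x16 (handshake), protocol major version 0x03.
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return {"kind": "tls", "url": None}
    line, _, rest = data.partition(b"\r\n")
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return {"kind": "not-http", "url": None}
    method = parts[0].decode("latin-1")
    target = parts[1].decode("latin-1")
    if method == "CONNECT":
        # Proxy-aware client asking for a tunnel: host:port is in clear text.
        return {"kind": "proxy-connect", "url": target}
    if "://" in target:
        # Absolute-form request, sent only by a client that knows about the proxy.
        return {"kind": "proxy-request", "url": target}
    # Origin-form request (client thinks it talks to the web server):
    # an intercepting proxy rebuilds the URL from the Host header.
    host = None
    for header in rest.split(b"\r\n"):
        name, sep, value = header.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("latin-1")
            break
    url = f"http://{host}{target}" if host else None
    return {"kind": "origin-request", "url": url}


if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:18} -> {classify_first_bytes(data)}")
```

Only the redirected plain-HTTP case yields a request the proxy can parse and rebuild into a URL; the redirected HTTPS and FTP connections carry no HTTP request line at all.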