[ previous ] [ next ] [ threads ]
 
 From:  A dot L dot M dot Buxey at lboro dot ac dot uk
 To:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Settings For Squid Transparent Proxy
 Date:  Tue, 7 Feb 2006 22:41:59 +0000
Hi,

> A transparent proxy is ugly and prone to errors, anyway.  My
> recommendation would be to redirect all request for port 80 (except
> those from the machine running squid) to a page on one of your servers
> that instructs the user how to configure their browser to use the proxy.

...if you use the 'automatically detect settings' in your browser
config (IE, Firefox, Safari etc) then it should put out a request for 
the WPAD substantiator:

http://www.wrec.org/Drafts/draft-cooper-webi-wpad-00.txt

bluntly, this means if you have a host responding to that request
eg http://proxy_config:80/wpad.dat and wpad.dat contains the settings
you are all clear.

incidentally

1) this can also be served out as an 'option 252' in the DHCP
response
2) the wpad.dat could be held and served by m0n0wall.... so m0n0wall
could, trivially, support having a web proxy on your LAN/DMZ
which would mean all your clients were happy.

easy eh? ;-)

alan