 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Http request redirect to Squid
 Date:  Tue, 18 Apr 2006 19:25:08 +0100
Hi,

In message <1145383504 dot 10693 dot 57 dot camel at localhost dot localdomain>, Marko
Vukovic <marko at aquamanta dot co dot za> writes
>On Mon, 2006-04-17 at 16:04 -0400, Ernesto Rojas Rodriguez wrote:
>
>> I would like to redirect all HTTP requests made to the monowall by clients
>> of the LAN to a machine running Squid, to take advantage of this service.
>> I have the Squid running on a PC on the LAN.
>
>Hi Ernesto
>
>This has been dealt with several times on this list. My suggestion was
>to:
>a) Allow HTTP traffic outbound thru the m0n0wall only for the Squid box.
>b) Enable port forwarding on your Squid box.
>c) Configure Squid for transparent caching.
>d) In your m0n0wall's dhcp configuration, create a custom
><gateway>x.x.x.x</gateway> entry pointing to your Squid box so that it
>becomes the default gateway for your LAN clients.
>
>Ciao!

The best way is to only allow your squid machine out on port 80 and then
configure your clients to use squid, either by hard coding it, from an
auto-proxy-config URL or automatically using WPAD (if the browser
supports it).

Doing it this way also allows you to add authentication if required.

It also allows you to pass HTTPS traffic through the proxy and do
rudimentary access control based on the destination.

Using an intercepting proxy is particularly nasty.  I have 3500 clients
using squid, configured using WPAD and don't have any problems.

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk
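
As an added example (not part of the original message), here is a proxy auto-config file of the kind the reply describes, which clients fetch from an auto-proxy-config URL or as `wpad.dat` through WPAD. The proxy name `squid.lan.example:3128` and the LAN range 192.168.1.0/24 are assumed placeholders, not values from the thread.

```javascript
// proxy.pac / wpad.dat: added example, not from the original thread.
// Assumed placeholders: proxy host/port and the LAN range below.
var PROXY = "PROXY squid.lan.example:3128";
var DIRECT_NETS = [["192.168.1.0", 24], ["127.0.0.0", 8]];

// Parse a dotted-quad IPv4 literal into a number; return null for hostnames.
function ipToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet; // multiply instead of shifting to stay unsigned
  }
  return n;
}

// True when the numeric address ip lies inside base/bits.
function inNet(ip, base, bits) {
  var div = Math.pow(2, 32 - bits);
  return Math.floor(ip / div) === Math.floor(ipToInt(base) / div);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names (including "localhost") stay on the LAN.
  if (host.indexOf(".") === -1) return "DIRECT";
  // IP literals inside the LAN or loopback ranges bypass the proxy.
  // No DNS lookups are done here, so hostnames are never resolved by the PAC.
  var ip = ipToInt(host);
  if (ip !== null) {
    for (var i = 0; i < DIRECT_NETS.length; i++) {
      if (inNet(ip, DIRECT_NETS[i][0], DIRECT_NETS[i][1])) return "DIRECT";
    }
  }
  // HTTP and HTTPS go to squid with no "; DIRECT" fallback: the firewall
  // only lets the squid machine out on port 80, so clients fail closed
  // instead of hanging on a direct attempt the firewall would drop.
  if (/^https?:/i.test(url)) return PROXY;
  // Other schemes are left to the firewall rules.
  return "DIRECT";
}
```

For WPAD discovery the same file is served as `wpad.dat`, conventionally with the MIME type `application/x-ns-proxy-autoconfig`.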