 From:  "Don Munyak" <don dot munyak at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  dansguardian squid transparent proxy rdr
 Date:  Wed, 27 Dec 2006 10:27:30 -0500
re: dansguardian squid transparent proxy rdr

I have implemented a transparent proxy solution which is working
flawlessly for http(80).
I am hoping someone will help me or direct me to a solution for http(443).
I believe part of the solution is m0n0wall related, with respect to
ssl redirection.
The other half would be dansguardian accepting ssl connections properly.

M0n0wall is our gateway with three (3) NICs.

xl0 - wan
rl0 - dmz - 192.168.9.0/24
rl1 - lan - 192.168.20.0/24

The transparent proxy is:

FreeBSD 6.1-RELEASE
IP: 192.168.9.3
Squid ver 2.5-STABLE14
Dansguardian ver 2.8.0.6
ipf enabled and configured

After searching m0n0wall threads, I came across the following to add
to the xml file. This rule allows (or requires) all outbound port 80
requests to be redirected to the squid server in the DMZ. No
re-configuration for LAN client browsers required.

<nat>
	<rule>
		<protocol>tcp</protocol>
		<external-port>80</external-port>
		<target>192.168.9.3</target>
		<local-port>8080</local-port>
		<interface>lan</interface>
		<descr/>
	</rule>
</nat>

What do I need to add for SSL content redirection?

As a side note, does anyone have a recommendation for a "custom port"
for m0n0wall https webGUI, so that access to m0n0wall doesn't get
redirected through the proxy?

Thanks

~ Don