On Tue, Mar 13, 2007, Steven Wilton wrote:
> Good point. The only problem is that (under Linux at least) we can't find
> out the original destination port (ie if traffic destined for port 80 is
> redirected to port 3128). Would you suggest this as a configuration option
> on a per-port basis? (ie squid can listen to multiple ports, and the port
> that the connection arrives on is used to determine the destination port).

What, this isn't accessible via clientNatLookup()? Hm! I'm sure I've seen
it supported somehow/somewhere.

> > Make this configurable though. You don't want to allow people
> > to tunnel non-resolvable
> > stuff through without the administrator explicitly deciding to.
>
> You need to have an ACL that allows CONNECT requests destined for port 80,
> otherwise you will get an ACL denied message :)

Again, it's a cute hack, and definitely something I'd like to see supported
in future Squid-2.6 versions.

> If there's no objections to applying this change (in principle), I'll
> re-work it to extend commConnectStart().

Certainly not from me, as long as there's a configuration knob that
defaults to off (and we've got somewhere clearly documented which
knobs to turn on to get better transparency behaviour.)

Adrian

Received on Tue Mar 13 2007 - 01:49:41 MDT