Re: Help w/ Transparent Caching

From: John Saunders <john@dont-contact.us>
Date: 14 Feb 1997 15:01:00 GMT

This post may be premature (the code certainly is - usual disclaimers
apply). For a situation fitting a number of PPP dialin lines connected
to 1 Linux box (A) and a separate Linux box running Squid (B). I've
included the ipfwadm filtering rules and the code for a transparent
proxy daemon (started from inetd for now). Both the rules and daemon
should be installed on box A, not B.

I have the normal httpd server running on the same box as the ipfwadm
rules so I've taken steps to allow normal access to the httpd server.
Also because transparent proxying only affects the incoming queue, any
port 80 access originating on box A to the outside doesn't get re-directed
by the transparent proxy rules. So make sure any text browsers on A are
configured to use the proxy.

$ ipfwadm -I -a accept -P tcp -S 0.0.0.0/0 -D 127.0.0.1/32 80 -r 80
$ ipfwadm -I -a accept -P tcp -S 0.0.0.0/0 -D A.A.A.A/32 80 -r 80
$ ipfwadm -I -a accept -P tcp -S 0.0.0.0/0 -D 0.0.0.0/0 80 -r 81

And here is the code, you need to edit it a bit, it's been gzip'ed and
uuencoded to save space. Install it to run by inetd on port 81.

If you don't have a httpd running, I wouldn't change things to run
the daemon on port 80. Because if somebody telnets to port 80 on
your box, the daemon will intercept this and contact the proxy
who will try and re-connect to the box. So Squid will now be talking
to the daemon which will try contacting Squid again and you end up
with a _lot_ of daemons running at an ever increasing rate. The
daemon should probably be able to detect a request of this nature
and return some error message.

--          +------------------------------------------------------------+
        .   | John Saunders - mailto:john@nlc.net.au (EMail)             |
    ,--_|\  |               - http://www.nlc.net.au/ (WWW)               |
   / Oz \   |               - 018-223-814 or 02-9477-2881 (Phone)        |
   \_,--\_/ | NHJ NORTHLINK COMMUNICATIONS - Supplying a professional,   |
         v  | and above all friendly, internet connection service.       |
            +------------------------------------------------------------+
Received on Fri Feb 14 1997 - 07:35:10 MST
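
The loop check that the post says the daemon should have, as an added example that is not the code from the post or its attachment. It assumes that getsockname() on the redirected socket returns the address the client originally asked for (as on Linux kernels with transparent proxy support); 192.0.2.1 is a constructed stand-in for A.A.A.A, and the function names are hypothetical.

```c
/* Added example: loop guard for an inetd-started transparent proxy daemon. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if dst is loopback (127/8) or one of this host's own addresses. */
int is_self_addressed(struct in_addr dst, const struct in_addr *own, size_t n)
{
    if ((ntohl(dst.s_addr) >> 24) == 127)
        return 1;
    for (size_t i = 0; i < n; i++)
        if (own[i].s_addr == dst.s_addr)
            return 1;
    return 0;
}

/* Assumption: getsockname() on the redirected socket reports the original
 * destination. Returns 1 = refuse (would loop through Squid back to us),
 * 0 = safe to forward, -1 = fd is not an IPv4 socket (treat as refuse). */
int should_refuse(int fd, const struct in_addr *own, size_t n)
{
    struct sockaddr_in dst;
    socklen_t len = sizeof dst;

    if (getsockname(fd, (struct sockaddr *)&dst, &len) < 0 ||
        dst.sin_family != AF_INET)
        return -1;
    return is_self_addressed(dst.sin_addr, own, n);
}

int main(void)
{
    struct in_addr own[1];

    /* Constructed stand-in for box A's address (A.A.A.A in the rules). */
    if (inet_pton(AF_INET, "192.0.2.1", &own[0]) != 1)
        return 2;
    /* inetd hands the accepted connection to the daemon on fd 0 and fd 1. */
    if (should_refuse(STDIN_FILENO, own, 1) != 0) {
        fputs("HTTP/1.0 403 Forbidden\r\n\r\n"
              "Request was addressed to the proxy host itself.\r\n", stdout);
        return 1;
    }
    /* Destination is a remote server: continue with the relay to Squid. */
    return 0;
}
```

The check fails closed: a direct connection to the daemon's own port, or any descriptor that is not an IPv4 socket, gets the error response instead of being passed to Squid.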
