Re: Transparent?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 22 Feb 1998 13:42:43 +0100

Ming Lu wrote:
>
> That was the problem. So far I did not have any problem to
> implemete the transoarent proxy with port 80, but not anything
> else, the only thing I see is to tweak the router to translate
> the port # from 80 to something else...

Are you saying that you want to transparently proxy port 80 traffic, by
using a Squid server on a port other than 80?

If this is the case, then it can be done. It is only a matter of telling
your host which port it should redirect foreign traffic to.

To transparently proxy port 80 traffic, using Squid on port 3128:

If using Linux ipfwadm:
ipfwadm -I -a accept -W <interface> -P tcp -D thishost 80
ipfwadm -I -a accept -W <interface> -P tcp -D 0.0.0.0/0 80 -r 3128

If using ipfilter:
rdr <interface> 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128

If you want to run something else off port 80 then you have allow this
traffic thought without being redirected. The ipfwadm ruleset above
takes care of this, but I don't know how this is done with ipfilter.

If you are asking how to implement a transparent proxy for other
protocols than HTTP (port 80) then it is done in the same way, but
requires other software than Squid, as Squid is a HTTP proxy server, and
can't be used to proxy other protocols.

Some are confused by the fact that Squid (and most other HTTP proxies)
can "proxy" FTP,Gopher and other protocols. When using a HTTP proxy to
proxy other protocols than HTTP the proxy acts as a gateway, translating
the protocol to/from HTTP. All communication to/from the clients is done
using HTTP. This is one of the reasons why a HTTP proxy server can't
transparently proxy FTP.

---
Henrik Nordström
Sparetime Squid Hacker
Received on Sun Feb 22 1998 - 05:25:49 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:56 MST