Re: transparent proxying

From: Irfan Akber <irfan@dont-contact.us>
Date: Thu, 10 Sep 1998 18:52:51 -0000

I am using transproxyd. It works fine but it does a lot of logging in
/var/log/messages which causes the system to slow down. Is there a way to
disable the logging. I would appreciate if the section of transproxyd
source can be mentioned.

Irfan Akber

----------
From: Henrik Nordstrom <hno@hem.passagen.se>
To: Ghilde@Arizona.EDU
Cc: squid-users@ircache.net
Subject: Re: transparent proxying
Date: Wednesday, September 09, 1998 11:40 PM

Ghilde@Arizona.EDU wrote:

> I noticed the Squid Caching Update link. In the Stan Barber's Notes
> section there was mention of Squid being able to do transparent
> proxy. This was in the Q & A area.
> I would like to know if anyone has implemented this, how reliable it
> is, and how was it done.

Squid has been able to do transparent caching for a long time. It relies
on external components to rewrite/process TCP in such a way that it
arrives to Squid, and it is in this area that most technical problems
with transparent proxying lies.

There are two widely used TCP hacking implementations that are in use by
people running transparent proxies:

1) Linux 2.0 ipfwadm support (fully supported by Squid).
2) The ip-filter package for many other platforms (partially supported
by Squid).

For full HTTP functionality together with ip-filter redirection a
external daemon is required that interfaces to the address translation
tables maintaned by ipfilter (transproxyd). I have a preleminary patch
that adds the ip-filter lookup functionality to Squid but I have not yet
received a single report wether this patch works or not (I can't test it
myself due to limited resources.. have no machine where ipfilter runs).

It is hard to tell which redirection mechanism that is the best one of
the two. Linux ipfwadm is fast but it has some MTU related problems
(does not work well together with MTU path discovery Squid->client). I
do not know much of the ip-filter implementation, but I would guess that
it shares the same problem at most locations.

---
Henrik Nordström
Sparetime Squid Hacker
Received on Thu Sep 10 1998 - 06:57:04 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:56 MST