Re: [SQU] identd question

From: Robert Collins <robert.collins@dont-contact.us>
Date: Thu, 15 Feb 2001 10:32:21 +1100

Intercepting proxy is the correct term for what is often called transparent proxy. Transparent proxy is defined in RFC 2616 and is
shorthand for "semantically transparent" - doesn't change the meaning of the HTTP protocol exchanges.

Ident looks up the owner of a TCP connection on your client machines by a local port/remote port pair.

i.e. if machine A has a connection from port 32012 to machine B port 80, then machine B can ask machine A for the username belonging
to (32012,80). No one else can ask this, because that would be a significant security hole.

When you use an intercepting proxy C, the proxy is not listed in machine A's list of connections - machine B is. Thus machine B will
never answer questions from proxy C.

This issue has nothing to do with bound ports on the proxy server, but rather with the violation of TCP/IP and HTTP protocol rules that is
occurring.

Rob

----- Original Message -----
From: "Brad Waite" <brad@ssbaptist.net>
To: <squid-users@ircache.net>
Sent: Thursday, February 15, 2001 10:00 AM
Subject: [SQU] identd question

> Hi all,
>
> I'm running squid and squidGuard on a FreeBSD firewall in transparent proxy
> mode. While ident lookups work when I'm running in non-xparent, they don't work
> otherwise. The FAQ (12.39 Why doesn't Squid make ident lookups in interception
> mode?) talks about interception mode, and I'm guessing it's referring to a
> transparent proxy. Am I correct in assuming this?
>
> If so, I'm not really sure why squid still can't do the identd lookups.
> Couldn't one define (in the conf file) the local port to bind to and a flag for
> transparent mode? Yeah it seems like a hack, but I'd rather not have to change
> 50 machines' proxy settings (and have to maintain 'em).
>
> Thanks,
>
> --
> Brad Waite brad@ssbaptist.net
> Media Director - South Sheridan Baptist Church
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

Received on Wed Feb 14 2001 - 16:33:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:58:01 MST
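
As an added illustration of the reply above (not code from the thread or from Squid): a small model of how an RFC 1413 ident responder on machine A matches a query against its connection table, keyed on the address the query comes from. The addresses, user name, function name and the handling of malformed input are assumptions made for the example.

```python
import re
from typing import NamedTuple

class Conn(NamedTuple):
    local_port: int    # port on machine A (the ident responder's host)
    remote_addr: str   # peer address as machine A sees it
    remote_port: int
    user: str

# Constructed sample data (documentation address ranges, made-up user).
MACHINE_B = "198.51.100.20"   # origin web server the client believes it reached
PROXY_C = "203.0.113.5"       # intercepting proxy's own address
TABLE_A = [Conn(32012, MACHINE_B, 80, "alice")]  # machine A's TCP connections

QUERY = re.compile(rb"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*")

def ident_reply(table, peer_addr: str, query: bytes) -> bytes:
    """Answer one ident query received from peer_addr (RFC 1413 wire format)."""
    m = QUERY.fullmatch(query)
    if not m:
        return b""  # assumption: malformed input is dropped without a reply
    local_port, remote_port = int(m.group(1)), int(m.group(2))
    prefix = f"{local_port}, {remote_port} : "
    if not (1 <= local_port <= 65535 and 1 <= remote_port <= 65535):
        return (prefix + "ERROR : INVALID-PORT\r\n").encode()
    for c in table:
        # The lookup key includes the querier's address: only the host at the
        # other end of the connection can name a pair that matches.
        if (c.local_port, c.remote_addr, c.remote_port) == (local_port, peer_addr, remote_port):
            return (prefix + f"USERID : UNIX : {c.user}\r\n").encode()
    return (prefix + "ERROR : NO-USER\r\n").encode()

if __name__ == "__main__":
    q = b"32012, 80\r\n"
    print("from B:", ident_reply(TABLE_A, MACHINE_B, q))
    print("from C:", ident_reply(TABLE_A, PROXY_C, q))
```

The same port pair gets a user name when asked from machine B's address and NO-USER when asked from the proxy's own address, since machine A has no connection to proxy C in its table.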