Re: [squid-users] Will transparent proxying with SSL work?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 28 Apr 2001 22:28:09 +0200

masquerade is just one form of NAT (many to one NAT).

The masquerade router may well run any services it likes. Therestricton
is that machines behind the masquerade router cannor run services
intended to be contacted by machines on the other (public) site.

NAT comes in many forms. Static 1-1 NAT is only one.

Transparent proxying of SSL in Squid does not make sense as there are
other much better mechanisms doing essentially the same functionality on
all platforms supporting transparent proxying. Also, SSL proxying has
very little in common with HTTP proxying due to the encryption of all
data.

--
Henrik Nordstrom
Squid Hacker
Kenneth Stephen wrote:
>         Thanks for the quick response. I am using Linux - so there is no
> question that it is capable of doing Masquerading or NAT. However, my
> understanding is that it is not possible to run servers on masqueraded
> machines. Clients yes, but not servers. Correct me if I am wrong.
> 
>         Also, for NAT, I beleive there is a requirement that there be a one to
> one mapping from private ips to real ips. Unfortunately, a shortage of
> real ips is what drove us to using private ips in the first place. So
> its not possible for us to use NAT.
> 
>         Might I enquire as to the reason that Squid does not support
> transparent proxying of SSL? Is this technically impossible, or is it
> that the code hasnt been written yet? Does Squid support forward
> (normal) proxying of SSL?
> 
> Thanks,
Received on Sat Apr 28 2001 - 14:33:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:39 MST