Re: [squid-users] Transparent proxy with multiple protocols

From: Billy Macdonald <whmac33@dont-contact.us>
Date: Fri, 23 Aug 2002 14:48:15 -0700 (PDT)

You can't transparent proxy FTP or HTTPS, only HTTP.

There are a couple of programs I've seen mentioned to do FTP. I think one was
called frox and the other ITF or something.

HTTPS can't have a transparent proxy because the protocol checks for that due to
the possibility of a man-in-the-middle attack.

See http://www.tldp.org/HOWTO/mini/TransparentProxy.html
I found the above in section 2.2

Billy

--- nate@riconcorp.com wrote:
> I have squid running as a transparent accelerated cache proxy. I'm
> wondering if I can use this same instance of squid to proxy https and ftp as
> well as http (forget gopher and wais). The main reason why we're running
> squid is for access control (using squidGuard). I'd like to be able to
> filter ftp and https, too.
>
> I assumed I could do:
>
> iptables -t nat -A PREROUTING -p TCP --dport 20 -j REDIRECT --to-port 3128
> iptables -t nat -A PREROUTING -p TCP --dport 21 -j REDIRECT --to-port 3128
> iptables -t nat -A PREROUTING -p TCP --dport 80 -j REDIRECT --to-port 3128
> iptables -t nat -A PREROUTING -p TCP --dport 443 -j REDIRECT --to-port 3128
>
> then configure squid.conf with:
>
> httpd_accel_port 0
> or
> httpd_accel_port 20 21 80 443
>
> But I haven't had any luck. If somebody can tell me how to configure it for
> this, I'd be a very happy person. :)
>
> Thanks,
>
> Nate

Received on Fri Aug 23 2002 - 15:48:16 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:09:49 MST
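
The following is an added illustration, not part of either poster's message and not Squid code: it classifies the first bytes an HTTP-only listener would receive from clients redirected off ports 80, 443 and 21, showing that only the plain HTTP request carries a request line and Host header it can act on. The function name and all sample byte strings are constructed for this example.

```python
# Added example (not from the thread): what an HTTP-only interception
# listener can learn from the first bytes a redirected client sends.
# All sample byte strings below are constructed for illustration.

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS")


def classify_first_bytes(data: bytes) -> dict:
    """Classify the first client bytes seen after a REDIRECT to the proxy port."""
    if not data:
        # FTP control channel (port 21): the server speaks first with a
        # "220" banner, so the client sends nothing for the proxy to parse.
        return {"kind": "silent", "proxyable": False,
                "reason": "client waits for a server greeting (e.g. FTP)"}
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        # TLS handshake record (content type 22, major version 3): there is
        # no plaintext HTTP request line or Host header to act on.
        return {"kind": "tls", "proxyable": False,
                "reason": "TLS ClientHello, no plaintext HTTP request"}
    line, _, rest = data.partition(b"\r\n")
    parts = line.split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        # Plain HTTP: the Host header tells the proxy which origin was meant.
        host = None
        for header in rest.split(b"\r\n"):
            if not header:
                break  # end of header block
            name, sep, value = header.partition(b":")
            if sep and name.strip().lower() == b"host":
                host = value.strip().decode("ascii", "replace")
        return {"kind": "http", "proxyable": host is not None,
                "host": host, "path": parts[1].decode("ascii", "replace")}
    return {"kind": "unknown", "proxyable": False,
            "reason": "not an HTTP request line"}


# Constructed samples for ports 80, 443 and 21 from the question.
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b])
SAMPLE_FTP = b""  # client is silent until the server sends its 220 banner

if __name__ == "__main__":
    for port, sample in ((80, SAMPLE_HTTP), (443, SAMPLE_TLS), (21, SAMPLE_FTP)):
        print(port, classify_first_bytes(sample))
```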