Re: [squid-users] redirecting FTP and SSL

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sun, 13 Apr 2003 23:27:59 +0200

Florian Effenberger wrote:

> my HTTP connections get redirected to Squid (transparent proxying) with
>
> iptables -t nat -A PREROUTING -i $ETH_INTERNAL -s $LOCALNET -d ! $LOCALNET -p tcp --dport 80 -j REDIRECT --to-port 3128
>
> which works fine. However, I would like to automatically redirect FTP and
> SSL as well. Some said this works, some said, this does not work.

You can't, not with Squid at least.

Squid is an HTTP proxy. Neither SSL nor FTP is HTTP and won't be
understood by Squid if you attempt to intercept these and redirect them
to Squid...

There are other proxies which may work for the purpose. For example FROX
is an FTP proxy which supposedly is capable of handling transparent
interception, and is also rumored to have some integration with Squid
for caching.

For SSL you need a transparent TCP plug, but most use NAT instead..
(cheaper). SSL is never proxied, only tunnelled. (SSL employs end-to-end
encryption and identification, which makes proxying impossible)

> What's true now? :-) Does it work with iptables, or do I have to use a
> proxy.pac File for the browsers to manually set the proxy server?

Strongly recommended for many reasons.

See WPAD for a simple way to simplify the browser configuration to use
proxy.pac..

Regards
Henrik

-- 
Free Squid-users support provided by Henrik Nordström
<hno@squid-cache.org>
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Sun Apr 13 2003 - 15:29:39 MDT
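
The proxy.pac approach recommended in the reply above, shown as an added example that is not part of the original message: it sends http, https and ftp URLs to Squid explicitly and leaves local destinations direct, mirroring the `-d ! $LOCALNET` exclusion. The proxy host name and the 192.168.0.0/16 network are assumptions; port 3128 is the one from the post.

```javascript
// Added example: proxy.pac that sends HTTP, HTTPS and FTP URLs to Squid
// explicitly instead of intercepting them with iptables.
// Assumptions (not from the original message): the proxy host name and
// the 192.168.0.0/16 local network; port 3128 is the one used in the post.
var SQUID = "PROXY proxy.example.internal:3128";
var LOCAL_NET = "192.168.0.0";
var LOCAL_MASK = "255.255.0.0";

// Convert a dotted-quad IPv4 literal to an unsigned 32-bit number, or
// return null when the host is a name (no DNS lookup is made here).
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when host is an IPv4 literal inside LOCAL_NET/LOCAL_MASK.
function inLocalNet(host) {
  var ip = ipv4ToInt(host);
  if (ip === null) return false;
  var mask = ipv4ToInt(LOCAL_MASK);
  return ((ip & mask) >>> 0) === ((ipv4ToInt(LOCAL_NET) & mask) >>> 0);
}

function FindProxyForURL(url, host) {
  // Same exclusion as "-d ! $LOCALNET": local destinations bypass Squid.
  // Unqualified names (no dot) are treated as local as well.
  if (host.indexOf(".") === -1 || inLocalNet(host)) return "DIRECT";

  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  // http: and ftp: URLs are fetched by Squid itself; https: goes through
  // a CONNECT tunnel, so the TLS session stays end-to-end.
  if (scheme === "http" || scheme === "https" || scheme === "ftp") {
    return SQUID;
  }
  return "DIRECT";
}
```

The helpers avoid the browser's `isInNet()` so that no DNS lookup is made while evaluating the PAC file.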
