Re: [squid-users] Proxying of all traffic

From: Kevin <kkadow@dont-contact.us>
Date: Tue, 28 Jun 2005 17:54:49 -0500

On 6/28/05, Charl Papenfus <charl.ipsec@webmail.co.za> wrote:
> I want to channel ALL traffic going to the internet (HTTP, HTTPS, FTP, etc)
> through squid. I want to do away with a NAT gateway completely.
> Any simple way to do this?

Squid in transparent mode will NOT magically take Internet traffic on
TCP/21 and proxy/cache it. Encrypted (HTTPS) traffic is also an issue,
and you don't gain much by trying to transparently proxy HTTPS.

If you can configure browser clients to *explicitly* use the Squid HTTP
as a non-transparent proxy (via manual proxy settings, PAC, WPAD, etc)
so the browsers always talk to the Squid listener on 3128 as the proxy for
all *browser* traffic for all protocols, then *browsers* won't be trying
to go out via default route, and you can turn off your NAT rule.

But not all traffic is sourced from a browser. While just about every
modern HTTP/HTTPS client library (Java, Perl, etc) can be manually
configured to point to a HTTP proxy, with some effort, FTP is a whole
other problem. And then there's RealAudio, and IRC, and WMA, and ...

> Is it a case of running squid in accelerator mode and doing something like:
>
> Iptables -t nat -A POSTROUTING -o <wan_interface> ....... -j REDIRECT to
> port 3128 ???

That would be a Linux question.
Received on Tue Jun 28 2005 - 16:54:52 MDT
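
The explicit-proxy setup described in the reply above, sketched as a PAC file; this is an added example and not part of the original message. Port 3128 is the listener named in the message, while the hostname squid.example.internal, the .example.internal LAN domain and the bypass for local destinations are assumptions. Plain JavaScript is used instead of the browser's PAC helper functions so the file also runs outside a browser.

```javascript
// Added example, not from the original post: PAC file for explicit proxying.
// Assumed names: squid.example.internal and the .example.internal LAN domain.
// Port 3128 is the Squid listener named in the post.
var SQUID = "PROXY squid.example.internal:3128";
var LAN_DOMAIN = ".example.internal";

// Return true for IPv4 literals in loopback or RFC 1918 ranges.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  if (a > 255 || b > 255 || Number(m[3]) > 255 || Number(m[4]) > 255) {
    return false;
  }
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Return true for destinations that never need the default route.
function isLocalDestination(host) {
  // Plain hostname: no dot, and not an IPv6 literal (which contains ':').
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return true;
  // Suffix match only, so "x.example.internal.example.com" is NOT local.
  if (host.slice(-LAN_DOMAIN.length) === LAN_DOMAIN) return true;
  return isPrivateIPv4(host);
}

// Entry point the browser calls for every request (http, https, ftp, ...).
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isLocalDestination(host)) return "DIRECT";
  // No "; DIRECT" fallback: with the NAT rule turned off a direct attempt
  // would only time out, and a fallback would silently bypass Squid if a
  // NAT rule were ever restored.
  return SQUID;
}
```

This covers browsers only; clients that ignore PAC still need their own proxy settings, as the reply notes.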
