[squid-users] Problems Still: Authentication, Redirector and Accelerator/Transparent Mode

From: otr comm <otrcomm@dont-contact.us>
Date: Tue, 21 Nov 2006 10:33:07 -0700

Hello,

Okay, I have installed Squid 2.6, and still need some help figuring out how to get my NoCat WiFi Gateway to talk to Squid in
authentication mode and squidGuard.

Quick reminder:

NoCat is on the same server (192.168.1.241) that hosts Squid. NoCat is bound to port 5280 and services a wireless access point
attached to eth1. DHCP is serving IPs in the 10.10.1.0/24 block on eth1.

I am trying to get my wireless customers to authenticate through Squid and get redirected to squidGuard for content filtering based
upon username.

I have iptables set up to redirect port 80 to port 3128.

My problem is that when users connect to the NoCat gateway, they get the login prompt from Squid for every page that they go to on
the Internet.

In a previous message, Henrik responded:

<quote>
What you have done now by enabling the combination of transparent
interception + authentication is that you have stolen the web server
authentication channel, which is both unique to each web server and
meant for the web server not the proxy.
<end quote>

I am way out of my understanding about different layers of TCP communication, but what I need to know is how I can restore the web
server authentication channel while still maintaining Squid in authentication and accelerator/transparent modes? Is this a matter
of opening other ports? I can rewrite NoCat to make it communicate to Squid any way necessary (famous last words), so what do I need
to do to maintain the "web server authentication channel"?

Something else that puzzles me! To experiment, I disconnected the wireless access point and disabled the NoCat gateway, and
connected a laptop with a crossover cable directly to the NIC on eth1. The laptop got assigned an address of 10.10.1.234 and I
still had iptables redirecting TCP traffic on eth1 and 10.10.1.0/24 addresses to port 3128. Under this experiment, when I try to
access http://www.google.com on the laptop, I do not get prompted by Squid to login, but just get an error from Squid about an
invalid address. However, if I set up IE on the laptop to point it at 192.168.1.241 port 3120, I get the login prompt and directed
to google after I login.

Please bear with me here if I ask a stupid question. So, when I connect to Squid through IE set up to use a proxy, I keep the "web
server authentication channel" alive, but when I turn off using a proxy in IE, the "web server authentication channel" gets broken.
Is this a hopeless effort that I am trying to accomplish?

Thanks,

Murrah Boswell
Received on Tue Nov 21 2006 - 10:34:31 MST
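
Added example, not part of the original message or of Squid or NoCat: a simplified Python model of the point in Henrik's quoted reply, contrasting a browser configured for the proxy at 192.168.1.241:3128 with one whose port-80 traffic is intercepted. It assumes the intercepting proxy answers with an origin-style 401 challenge, that a browser scopes 401 credentials per web server and 407 credentials per configured proxy, and it ignores realms; the hostnames and requests are constructed.

```python
# Simplified model (added example): why a 401 issued by an intercepting
# proxy makes the browser prompt again for each site, while a 407 from an
# explicitly configured proxy leads to a single prompt.

def request_form(raw: bytes) -> str:
    """Classify an HTTP request by the form of its request-target."""
    method, target, _version = raw.split(b"\r\n", 1)[0].split(b" ", 2)
    if method == b"CONNECT":
        return "authority-form"      # tunnel request, sent only to a proxy
    if target.startswith((b"http://", b"https://")):
        return "absolute-form"       # browser knows it is talking to a proxy
    return "origin-form"             # browser believes it reached the server


def host_of(raw: bytes) -> str:
    """Return the host the browser thinks it is talking to."""
    head = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    target = head[0].split(b" ")[1]
    if target.startswith(b"http://"):
        return target[7:].split(b"/", 1)[0].decode().lower()
    for line in head[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode().lower()
    raise ValueError("no Host header")


def count_prompts(requests, proxy="192.168.1.241:3128"):
    """Count the login prompts a browser would show for these requests."""
    cached, prompts = set(), 0
    for raw in requests:
        if request_form(raw) == "absolute-form":
            scope = ("proxy", proxy)          # 407: one credential per proxy
        else:
            scope = ("origin", host_of(raw))  # 401: one credential per server
        if scope not in cached:               # nothing cached for this scope
            cached.add(scope)
            prompts += 1
    return prompts


# Constructed sample requests, not captured traffic.
SITES = ["www.google.com", "www.example.org", "www.example.net"]
CONFIGURED = [f"GET http://{h}/ HTTP/1.1\r\nHost: {h}\r\n\r\n".encode() for h in SITES]
INTERCEPTED = [f"GET / HTTP/1.1\r\nHost: {h}\r\n\r\n".encode() for h in SITES]

if __name__ == "__main__":
    print("configured proxy:", count_prompts(CONFIGURED))
    print("intercepted:     ", count_prompts(INTERCEPTED))
```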