Re: [squid-users] Transparent proxy with MSN

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 07 Jun 2008 16:36:29 +1200

Sergio Belkin wrote:
> 2008/6/5 Amos Jeffries <squid3_at_treenet.co.nz>:
>> Sergio Belkin wrote:
>>> Hi,
>>> I'd want to know if it's possible to allow MSN usage along with a transparent proxy.
>> Possible. But not always easy. It depends highly on the type of network you
>> have set up (a level of NAT between the client and squid kills it fairly
>> well).
>
> The schema is as follows:
>
> A user connects with his notebook via an Access Point which has OpenWRT
> installed. OpenWRT has DNAT rules:
>
> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT
> --to-destination $SQUID_IP:8080
>
> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT
> --to-destination $SQUID_IP:8080

That NAT happening on the AP would break squid transparency.
The AP needs to do policy-routing to pass only the port-80 packets to
the squid box.
   http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic

The NAT part appears to be right, but the Squid box should be the one
doing it.

There is something about authentication too with MSN; full TPROXY may be
needed for that one.

>
> (I've tried the last one and even redirecting 1050, but I'm not sure
> if that's right)
>
> Users can browse the web with no problems using transparent proxy
> (except SSL sites of course) but they fail to use MSN.
>
>
>> MSN is _supposed_ to have automatic failovers to port 80 that use HTTP. But
>> that depends on what other paths it can find through your network first.
>>

Amos

-- 
Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Received on Sat Jun 07 2008 - 04:36:31 MDT
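
The split described in the reply above (the AP policy-routes only the port-80 packets, the Squid box does the NAT), sketched as an added example that is not part of the original thread. The address 192.0.2.10, the interface names, mark 3 and table 2 are assumptions; port 8080 is the Squid port from the quoted DNAT rules. It also assumes the Squid box is directly reachable as a next hop from the AP.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: 192.0.2.10,
# interface names, fwmark 3, routing table 2. Port 8080 is the Squid
# port used in the quoted DNAT rules.
SQUID_IP="${SQUID_IP:-192.0.2.10}"   # assumed address of the Squid box
SQUID_PORT="${SQUID_PORT:-8080}"
AP_LAN_IF="${AP_LAN_IF:-br0}"        # client-facing bridge on the AP
AP_OUT_IF="${AP_OUT_IF:-eth0}"       # assumed AP interface facing Squid
SQUID_IF="${SQUID_IF:-eth0}"         # assumed Squid interface facing the AP
RUN="${RUN-echo}"                    # dry run: print only; RUN= executes (root)

# Run on the AP: replaces the DNAT rules with policy routing.
ap_rules() {
    # Packets from Squid itself must go straight out, or they loop back.
    $RUN iptables -t mangle -A PREROUTING -p tcp --dport 80 -s "$SQUID_IP" -j ACCEPT
    # Mark client port-80 packets only; addresses stay untouched (no DNAT).
    $RUN iptables -t mangle -A PREROUTING -i "$AP_LAN_IF" -p tcp --dport 80 -j MARK --set-mark 3
    # Marked packets use table 2, whose default route is the Squid box.
    $RUN ip rule add fwmark 3 table 2
    $RUN ip route add default via "$SQUID_IP" dev "$AP_OUT_IF" table 2
}

# Run on the Squid box: the packet arrives with its original destination
# address, and the NAT step happens here instead of on the AP.
squid_rules() {
    $RUN iptables -t nat -A PREROUTING -i "$SQUID_IF" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
}

# Usage: sh script ap | sh script squid   (prefix with RUN= to apply)
case "${1:-}" in
    ap)    ap_rules ;;
    squid) squid_rules ;;
esac
```

By default the script only prints the commands so they can be reviewed before being applied on each box.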
