Re: [squid-users] Transparent proxy with MSN

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 08 Jun 2008 12:18:07 +1200

Sergio Belkin wrote:
> 2008/6/7 Amos Jeffries <squid3_at_treenet.co.nz>:
>> Sergio Belkin wrote:
>>> 2008/6/5 Amos Jeffries <squid3_at_treenet.co.nz>:
>>>> Sergio Belkin wrote:
>>>>> Hi,
>>>>> I'd want to know if it's possible to allow MSN usage along with a transparent
>>>>> proxy.
>>>> Possible. But not always easy. It depends highly on the type of network you
>>>> have set up (a level of NAT between the client and squid kills it fairly well).
>>> The schema is as follows:
>>>
>>> A user connects with his notebook via an Access Point which has OpenWRT
>>> installed. OpenWRT has DNAT rules:
>>>
>>> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT --to-destination $SQUID_IP:8080
>>>
>>> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT --to-destination $SQUID_IP:8080
>> That NAT happening on the AP would break squid transparency.
>> The AP needs to do policy-routing to pass only the port-80 packets to the
>> squid box.
>> http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic
>>
>> The NAT part appears to be right, but the Squid box should be the one doing
>> it.
>
> But why is web browsing working fine?

Web browsing will work as long as your packets are reaching Squid. What
will be going wrong there is that your squid will be logging and doing
ACL security checks on the wrong IPs for clients.

>
>> There is something about authentication too with MSN,
>
> Where can I read about it?

I don't know. I found a mention in Google, but it was not very helpful.

>
>> full TPROXY may be
>> needed for that one.
>>
>>> (I've tried the last one and even redirecting 1050, but I'm not sure
>>> if that's right)
>>>
>>> Users can browse the web with no problems using transparent proxy
>>> (except SSL sites of course) but they fail to use MSN.
>>>
>>>
>>>> MSN is _supposed_ to have automatic failovers to port 80 that use HTTP. But
>>>> that depends on what other paths it can find through your network first.
>>>>
>> Amos
>> --
>> Please use Squid 2.7.STABLE1 or 3.0.STABLE6
>>
>
>
>

-- 
Please use Squid 2.7.STABLE1 or 3.0.STABLE6
Received on Sun Jun 08 2008 - 00:18:06 MDT
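
Added example, not part of the original message and not taken from the Squid wiki page linked above: a sketch of the split the reply describes, with the access point only policy-routing port-80 packets to the Squid box and the Squid box doing the NAT itself. The address, the Squid-side interface name, and the mark and table numbers are assumptions; br0 and port 8080 come from the thread.

```shell
#!/bin/sh
# Added example: constructed values, adjust to the real network.
SQUID_IP="${SQUID_IP:-192.0.2.10}"   # Squid box address (assumption)
LAN_IF="${LAN_IF:-br0}"              # AP interface facing clients (from the thread)
SQUID_IF="${SQUID_IF:-eth0}"         # Squid box interface (assumption)
SQUID_PORT="${SQUID_PORT:-8080}"     # Squid port used in the thread
MARK=3                               # firewall mark (assumption)
TABLE=2                              # routing table number (assumption)

# Access point: no DNAT. Mark port-80 packets and route them to the Squid
# box unmodified, so Squid still sees the real client and destination IPs.
# Squid's own outbound requests are exempted first to avoid a loop.
# Port 1863 (MSN) is not HTTP and is deliberately left alone.
ap_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -p tcp --dport 80 -s $SQUID_IP -j ACCEPT
iptables -t mangle -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $SQUID_IP table $TABLE
EOF
}

# Squid box: the interception NAT happens here, on the same host as Squid.
# squid.conf (2.7 / 3.0) needs: http_port 8080 transparent
squid_rules() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $SQUID_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}

# Prints the rules by default; "apply" as second argument runs them (root).
run() {
    case "$1" in
        ap)    rules=$(ap_rules) ;;
        squid) rules=$(squid_rules) ;;
        *)     echo "usage: ap|squid [apply]" >&2; return 2 ;;
    esac
    if [ "$2" = "apply" ]; then
        printf '%s\n' "$rules" | sh -e
    else
        printf '%s\n' "$rules"
    fi
}

# Only act when called with arguments, e.g.: ./rules.sh ap
[ $# -eq 0 ] || run "$@"
```

Review the printed rules on each box before running with `apply`; the Squid box must be directly reachable from the access point for the `via` route to work.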