Re: Squid Interception Proxying Troubles

Author: Erik Bixby
Date:  
To: Main PLUG discussion list
Subject: Re: Squid Interception Proxying Troubles
As I said in my initial post, I have read every word of Squid's FAQ on
the matter, and I have my iptables set up properly:
root@filter:~# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  anywhere             anywhere            tcp dpt:www redir ports 3128


Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination


Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@filter:~#


I have no expectation that we will be filtering SSL. There was a post
on the matter earlier, from someone else. Perhaps, you are confusing
the two. Although, I do appreciate your attention and willingness to
try and help.

Where I've run into trouble is it seems as though I have everything
set up properly. Squid works if you connect directly to it. The GRE
tunnel establishes a connection to the router. Squid registers itself
with the router and is recognized. Traffic is forwarded to the Squid
box. I've verified this with Ethereal; with Squid not registered with
the router, eth0 doesn't see traffic from my browser. With Squid
registered with the router, I see the traffic on eth0, but nothing
more ever happens...
-Erik

On 11/1/06, JT Moree <> wrote:
>
> Erik Bixby wrote:
> > SquidGuard runs fine. With a browser configured to use the proxy
> > directly, everything works. It's only when trying to intercept
> > traffic that things fall down. I can get the packets from the client
> > to the web server to either the Ethernet or GRE virtual interface on
> > the Squid box, but Squid does nothing with them. That is my problem;
> > how to get Squid to act on HTTP requests that are neither originated
> > from nor destined for it.
>
> Huh? Try using the firewall on the squid box to forward incoming
> traffic for port 80 to the squid port. Unless you are running squid at
> port 80--which is possible I suppose.
>
> If you are trying to automatically forward port 443 (ssl) I don't think
> that will work. ssl traffic will need to use the proxy setup in the
> browser.
>
> If I understand what you are trying to do it involves more than just
> squid to do it. Probably need to re-direct all port 80 traffic that is
> not from the squid box to the squid box on the real firewall. Then
> allow squid box to access port 80 through the firewall.
>
> Is the proxy server (squid) the same as the firewall? Same principles
> apply just on one machine rather than over the network.
>
> - --
> JT Morée
> PC Xperience, Inc.
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
