Re: [squid-users] Squid as interception proxy with pf

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Fri, 08 Dec 2006 16:55:28 +0100

fre 2006-12-08 klockan 16:02 +0100 skrev Ghislain Garçon:

> I looked in kernel sources... and it looks like the lines above open
> a device created by ipfilter... but pf doesn't need ipfilter in order
> to work.

The question to ask is how does pf report the original destination
address to the application?

There are three methods commonly used:

a) ioctls on a special device. (ipfilter and derivates)

b) getsockopt on the filedescriptor. (linux iptables/netfilter)

c) getsockname() returning the original address as the local endpoint.
(linux ipchains, and some others)

Maybe pf falls into category 'c'. If so then it should work if you do
not specify any --enable-... options for transparent interception.

To test try the following from an intercepted client

telnet 12.160.37.9 80
GET / HTTP/1.0
[blank line]

should return the squid-cache.org home page, and http://12.160.37.9/
should get logged in Squid access.log.

Note: this can't be tested with a browser.

Regards
Henrik
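The two file-descriptor based methods from the list above, (b) getsockopt on the accepted socket and (c) getsockname() on it, as an added example in C. This is not code from the post or from Squid; it assumes a POSIX sockets environment and, for (b), Linux with the netfilter SO_ORIGINAL_DST option (the fallback constant 80 is the value from linux/netfilter_ipv4.h). Method (a) depends on the particular firewall's device interface and is not shown. The self-test builds a plain loopback connection with no redirect in place, so whichever method answers simply reports the address the client dialled; on a real intercepting box the same call returns the pre-NAT destination that a proxy needs for logging and for the Host-less HTTP/1.0 request shown later in the post.

```c
/* Added example (not from the post or from Squid): recover the original
 * destination of an accepted TCP socket.
 *   (b) getsockopt(SO_ORIGINAL_DST)  -- Linux netfilter REDIRECT/DNAT
 *   (c) getsockname()                -- kernel reports pre-NAT address as
 *                                        the local endpoint (ipchains style)
 * Assumes POSIX sockets; (b) is compiled only on Linux.
 */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifdef __linux__
#include <linux/netfilter_ipv4.h>   /* SO_ORIGINAL_DST */
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80          /* value from linux/netfilter_ipv4.h */
#endif
#endif

/* Fill *out with the original destination of fd.  Returns the name of the
 * method that succeeded ("netfilter" or "getsockname"), or NULL on failure. */
const char *original_dst(int fd, struct sockaddr_in *out)
{
    socklen_t len = sizeof(*out);
#ifdef __linux__
    /* Method (b): succeeds only when conntrack knows the pre-NAT tuple;
     * otherwise the kernel returns an error and we fall through. */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, out, &len) == 0)
        return "netfilter";
#endif
    /* Method (c): under ipchains-style interception the local endpoint
     * reported here is the address the client actually dialled. */
    len = sizeof(*out);
    if (getsockname(fd, (struct sockaddr *)out, &len) == 0)
        return "getsockname";
    return NULL;
}

/* Self-test with constructed input: listen on 127.0.0.1:<ephemeral>, connect
 * to it, accept, and compare what original_dst() reports against the address
 * the client dialled.  Returns that port (> 0) on agreement, 0 on failure. */
int loopback_selftest(void)
{
    struct sockaddr_in bound, dialled, reported;
    socklen_t blen = sizeof(bound);
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    int cs = socket(AF_INET, SOCK_STREAM, 0);
    int as = -1, result = 0;
    if (ls < 0 || cs < 0) goto out;

    memset(&bound, 0, sizeof(bound));
    bound.sin_family = AF_INET;
    bound.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    bound.sin_port = 0;                       /* let the kernel pick a port */
    if (bind(ls, (struct sockaddr *)&bound, sizeof(bound)) < 0) goto out;
    if (getsockname(ls, (struct sockaddr *)&bound, &blen) < 0) goto out;
    if (listen(ls, 1) < 0) goto out;

    dialled = bound;                          /* the "client" side target */
    if (connect(cs, (struct sockaddr *)&dialled, sizeof(dialled)) < 0) goto out;
    as = accept(ls, NULL, NULL);
    if (as < 0) goto out;

    if (original_dst(as, &reported) == NULL) goto out;
    if (reported.sin_addr.s_addr == dialled.sin_addr.s_addr &&
        reported.sin_port == dialled.sin_port)
        result = ntohs(reported.sin_port);
out:
    if (as >= 0) close(as);
    if (cs >= 0) close(cs);
    if (ls >= 0) close(ls);
    return result;
}

int main(void)
{
    int port = loopback_selftest();
    if (port > 0)
        printf("original destination recovered: 127.0.0.1:%d\n", port);
    else
        printf("self-test failed\n");
    return port > 0 ? 0 : 1;
}
```

In a real proxy the address returned by original_dst() is what goes into the access log and into the upstream connect; with no firewall in the path both methods degrade to the listening address, which is exactly why the post insists on testing from an intercepted client rather than from the proxy host itself.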

Received on Fri Dec 08 2006 - 08:55:34 MST

This archive was generated by hypermail pre-2.1.9 : Mon Jan 01 2007 - 12:00:01 MST