RE: [squid-users] Really transparent proxy

From: Facundo Vilarnovo <fvilarnovo@dont-contact.us>
Date: Wed, 16 May 2007 01:02:46 -0300

Zul, we already do that... it doesn't change anything :(

I don't remember right now how it was, but in option 1, via off, forward off, it shows that I'm BEHIND a proxy, but shows the client IP address. Option 2: without via and forward it doesn't, but it shows the Squid IP address instead of the client's IP. I don't know if you understand me :(

But it was something like that :(

Thanks to all
Facundo Vilarnovo
 

-----Original Message-----
From: zulkarnain [mailto:sizulku@yahoo.com]
Sent: Wednesday, May 16, 2007 12:55 a.m.
To: Facundo Vilarnovo; squid-users@squid-cache.org
Subject: RE: [squid-users] Really transparent proxy

Add the following entries to your squid.conf:

via off
forwarded_for off

Regards,
Zul
--- Facundo Vilarnovo <fvilarnovo@ertach.com> wrote:

> Here it goes!
> #####squid Conf.#####
> http_port 3128 tproxy transparent
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> access_log /usr/local/squid/var/logs/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl our_networks src 0.0.0.0/0.0.0.0
> http_access allow our_networks
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> visible_hostname debian-sq
> wccp2_router XXX.XXX.XXX.XXX
> wccp_version 4
> wccp2_forwarding_method 1
> wccp2_return_method 1
> wccp2_assignment_method 1
> coredump_dir /usr/local/squid/var/cache
> ###### end of file #####
>
> Here are the Iptables:
> squid-RC9:/usr/local/squid/etc# iptables -L -t tproxy
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:80
> TPROXY tcp -- anywhere anywhere tcp dpt:www TPROXY redirect 0.0.0.0:3128
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>
> If any extra info is needed, I have no problem posting it!
>
>
> Thanks all!!
> Facundo Vilarnovo

 
Received on Tue May 15 2007 - 22:02:54 MDT
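
Added example, not part of the original thread and not Squid's own code: the messages above turn on three things an origin server can observe about a request, namely the Via header, the X-Forwarded-For header, and the TCP source address. The sketch below classifies a request on those three signals. The function name, addresses and header sets are constructed for illustration; the `unknown` value is what Squid's documentation gives for `forwarded_for off`.

```python
import ipaddress

# Constructed sample addresses (RFC 5737 documentation ranges).
CLIENT = "192.0.2.10"
PROXY = "198.51.100.5"


def proxy_disclosure(peer_ip, headers, real_client_ip):
    """Report what a request reveals to the origin server about a proxy."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    via = h.get("via")
    xff = h.get("x-forwarded-for")
    # The left-most X-Forwarded-For entry is what the first proxy claims it saw.
    first = xff.split(",")[0].strip() if xff else None
    try:
        xff_ip = str(ipaddress.ip_address(first)) if first else None
    except ValueError:
        xff_ip = None  # not an address, e.g. the literal "unknown"
    return {
        # Either header, whatever its value, tells the origin a proxy exists.
        "proxy_revealed": via is not None or xff is not None,
        # The header carries the real client address.
        "client_ip_in_header": xff_ip == real_client_ip,
        # The TCP connection itself arrives from the client's address.
        "source_is_client": peer_ip == real_client_ip,
    }


def samples():
    """Constructed requests as an origin server would receive them."""
    return {
        # Proxy adds both headers and connects from its own address.
        "headers_on": proxy_disclosure(
            PROXY,
            {"Via": "1.0 debian-sq:3128 (squid)", "X-Forwarded-For": CLIENT},
            CLIENT),
        # via off + forwarded_for off: no Via, X-Forwarded-For is "unknown".
        "via_off_forwarded_for_off": proxy_disclosure(
            PROXY, {"X-Forwarded-For": "unknown"}, CLIENT),
        # No proxy headers and the source address is the client's own.
        "no_headers_client_source": proxy_disclosure(CLIENT, {}, CLIENT),
    }


if __name__ == "__main__":
    for name, result in samples().items():
        print(name, result)
```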

This archive was generated by hypermail pre-2.1.9 : Fri Jun 01 2007 - 12:00:05 MDT