Re: [squid-users] Really transparent proxy

From: Adrian Chadd <adrian@dont-contact.us>
Date: Sat, 19 May 2007 10:10:28 +0800

On Thu, May 17, 2007, Henrik Nordstrom wrote:
> On Thu, 2007-05-17 at 17:49 -0300, Facundo Vilarnovo wrote:
>
> > we are now discarding last options, like the MUST tcp_outgoing_address
> > (which makes clients time out while surfing)......but any clues are
> > welcome
>
> If you see timeouts then there most likely is a routing issue.
>
> Have you arranged your network so that all port 80 traffic in all
> directions (yes ALL) passes via the proxy?
>
> Running TPROXY requires a fairly more complex setup than plain
> interception as you also need to worry about return traffic from the
> Internet, not just the clients' outgoing requests..
>
> For testing TPROXY I recommend first doing it on a box running as
> router/gateway between a small LAN and the rest.. then when you have got
> that working move into deploying it in a larger network using WCCP2 with
> two services (one per direction) or similar...

Specifically, it's only going to work when there's -one- possible gateway.
(It's possible to do it with multiple gateways in the same location, but
I wouldn't want to stake my reputation on it.) The gateway (i.e. router)
can have multiple uplinks, and each uplink has to have WCCP traffic
redirection configured.

Remember, TPROXY full transparent proxying only works when the proxy
can be given all the traffic between your client and the internet,
and not if there's any particular path traffic can take client -> internet
or internet -> client that you can't intercept.

HTH,

Adrian
Received on Fri May 18 2007 - 20:10:09 MDT
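
The condition discussed in this thread (no client -> internet or internet -> client path may avoid the proxy) can be checked against a routing map before deployment. The following is an added example, not part of the original messages or of Squid; the node names and both topologies are constructed assumptions, with each link being one directed forwarding hop.

```python
from collections import deque

def bypass_path(links, src, dst, proxy):
    """Return a path src -> dst that avoids `proxy`, or None if every path crosses it."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, []).append(b)
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj.get(node, []):
            # Never step onto the proxy: we are looking for traffic it cannot see.
            if nxt != proxy and nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def uninterceptable(links, client, internet, proxy):
    """Check both directions; return traffic matters as much as outgoing requests."""
    return {
        "client->internet": bypass_path(links, client, internet, proxy),
        "internet->client": bypass_path(links, internet, client, proxy),
    }

# Constructed topology: one gateway (the proxy box) with two uplinks.
SINGLE_GATEWAY = [
    ("lan", "proxy"), ("proxy", "uplink_a"), ("proxy", "uplink_b"),
    ("uplink_a", "internet"), ("uplink_b", "internet"),
    ("internet", "uplink_a"), ("internet", "uplink_b"),
    ("uplink_a", "proxy"), ("uplink_b", "proxy"), ("proxy", "lan"),
]
# Constructed variant: replies arriving on uplink_b are routed straight to the LAN.
ASYMMETRIC_RETURN = SINGLE_GATEWAY + [("uplink_b", "lan")]

if __name__ == "__main__":
    for name, topo in [("single gateway", SINGLE_GATEWAY),
                       ("asymmetric return", ASYMMETRIC_RETURN)]:
        print(name, uninterceptable(topo, "lan", "internet", "proxy"))
```

A non-None result in either direction is a path the proxy never sees, which is the situation that shows up as client timeouts.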
