2008/6/7 Amos Jeffries <squid3_at_treenet.co.nz>:
> Sergio Belkin wrote:
>>
>> 2008/6/5 Amos Jeffries <squid3_at_treenet.co.nz>:
>>>
>>> Sergio Belkin wrote:
>>>>
>>>> Hi,
>>>> I'd want to know if it's possible allos MSN usage along transparent
>>>> proxy.
>>>
>>> Possible. But not always easy. It depends highly on the type of network
>>> you
>>> have setup (a level of NAT between the client and squid kills it fairly
>>> well).
>>
>> The schema is as follows:
>>
>> A user connect with his notebook via Access Point which has OpenWRT
>> installed. OpenWRT has DNAT rules:
>>
>> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT
>> --to-destination $SQUID_IP:8080
>>
>> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT
>> --to-destination SQUID_IP:8080
>
> That NAT happening on the AP would break squid transparency.
> The AP needs to do policy-routing to pass only the port-80 packets to the
> squid box.
> http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic
>
> The NAT part appears to be right, but the Squid box should be the one doing
> it.
So But why is web browsing working fine?
>
> There is something about authentication too with MSN,
Where can I red about it?
> full TPROXY may be
> needed for that one.
>
>>
>> (I've tried the last one and even redirecting 1050, but I'm not sure
>> if that's right)
>>
>> Users can browse the web with no problems using transparent proxy
>> (except SSL sites of course) but they fail to use MSN.
>>
>>
>>> MSN is _supposed_ to have automatic failovers to port 80 that use HTTP.
>>> But
>>> that depends on what other paths it can find through your network first.
>>>
>
> Amos
> --
> Please use Squid 2.7.STABLE1 or 3.0.STABLE6
>
-- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -Received on Sat Jun 07 2008 - 15:09:35 MDT
This archive was generated by hypermail 2.2.0 : Sun Jun 08 2008 - 12:00:04 MDT