Re: [squid-users] Can squid Transparent Proxy listen to the http port directly? And without IPtables

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Apr 2011 14:51:39 +1200

On 15/04/11 13:36, Henry Yuan wrote:
> Hi,
>
> I'm wondering whether you can set the http_port to be 80 in the
> squid.conf file to make squid work as a transparent proxy without
> IPtable.
>
> In other words, is configuring the squid machine as an NAT router an
> requirement for it to work?

For "NAT interception" to work NAT is required. There are other types of
traffic though.

TPROXY interception is one alternative that does not require NAT. It is
becoming more popular as IPv4 dies out.

> ( I'm doing a squid experiment for a course project. The course offers
> a network testbed, but we don't have root access on those machines.
> And IPtable is not available either.)

iptables/pf/ipf/ipfw etc are not optional. What they do is determine
where the packets go within the operating system. Lookup packet routing
and how TCP/IP works for more info in that area.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.6
Received on Fri Apr 15 2011 - 02:51:46 MDT

This archive was generated by hypermail 2.2.0 : Fri Apr 15 2011 - 12:00:03 MDT