Re: [squid-users] Re: How to make Squid 3.3.8 a transparent proxy? [SOLVED]

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 22 Apr 2014 15:13:23 +1200

On 22/04/2014 7:59 a.m., Tobias Krais wrote:
> Hi Amos,
>
> first of all: you're great! It works!
>
> Your explanations were very helpful! Now I understand that I had a
> failure since years in my config, but squid just allowed me to work with
> it.
>

Welcome.

> Regarding my firewall rules I have a OT question:
>
>>> # Port 80 Traffic automatisch auf Dansguardian legen # Traffic von
>>> root akzeptieren iptables -t nat -A OUTPUT -p tcp --dport 80 -m
>>> owner --uid-owner root -j ACCEPT iptables -t nat -A OUTPUT -p tcp
>>> --dport 80 -m owner --uid-owner proxy -j ACCEPT # ... alle anderen
>>> Benutzer auf Port 8080 umbiegen iptables -t nat -A OUTPUT -p tcp
>>> --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A OUTPUT -p
>>> udp --dport 80 -j REDIRECT --to-port 8080
>>
>> NOTE: HTTP does not travel over UDP.
>
> I never thought about this issue. This means that I can delete my UDP
> firewall rules, because squid and dansguardian does not filter it. Am i
> right?

Unless you have something else that it was specifically being used or
beyond HTTP (CoAPS? ICP/HTCP?) then yes it can probably go.

Amos
Received on Tue Apr 22 2014 - 03:13:30 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 22 2014 - 12:00:06 MDT