--- In [email protected], "Nadeem M. Khan" <[EMAIL PROTECTED]>
wrote:
>
> With inline squid, you get to implement intercept caching. That is,
> squid can intercept traffic without configuring the client browsers to
> use a proxy. This supposedly prevents users from disabling the "use
> proxy" feature in their browsers and get free access.
This is reffered to as a "transparent proxy" if I'm not mistaking. You
have to set some options in your squid.conf and more importantly you
have to configure your firewall / iptables, whatever to redirect all
port 80 traffic from your LAN your <proxy host>:<proxy port>. Like so:
squid.conf
----------
* httpd_accel_host virtual
* httpd_accel_port 80
* httpd_accel_with_proxy on
* httpd_accel_uses_host_header on
iptables
--------
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128
That is, if your proxy is running on port 3128 of the same machine as
your gateway.
This is used by many ISP's, corporates etc these days. That way people
don't have to set their a proxy in their browsers.
The disadvantage (well, sort of) is that port 80 always seems open on
port scans. This happens in DIC if I recall correctly. Don't know
about Etisalat, but I see no reason why not.
Jee, I miss a wiki for this kind of code stuff...
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/dubailug/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
