On Sun, Nov 29, 1998 at 10:10:03PM -0600, Fuzzy Fox wrote:
> Hongsheng Zhu <[EMAIL PROTECTED]> wrote:
> >
> > ipfwadm -I -a accept -P tcp -r 3128 192.168.0.31/32 -D any/0 www
> >
> > I think this will allow all packet from 192.168.0.31 to port 80 of
> > destination site being redirected to the port 3128 of my linux.
>
[snip]
> Thus, transparent proxying does not work with a standard proxy server
> such as Squid. Now, Squid could possibly be modified so that it does a
> getsockname() call to find out where the browser was trying to connect,
> and connect and forward the request there, but as far as I know, it has
> no such capability.
Actually, it can work. I once set up a masquerading box with Squid as a
transparent proxy. I set it up in the office of a friend of mine, and he didn't
want to have to reconfigure everyone's computer to use the proxy. We set up the
transparent proxy, and everyone was using it without knowing it.
This was, however, many months ago, and I haven't the faintest idea how we did
it. I do recall that it wasn't all that hard to do, and that the Squid docs
covered it.
One caveat is that Squid only knows the IP address you're trying to connect to,
and not the host name. So any name-based virtual hosts you're trying to connect
to won't work, just as if you were using an old browser that didn't send the
Host header. This is how I recall it working anyway; there's no reason Squid
couldn't look at the host header itself.
> I'm not even sure why you want to use transparent proxies in this
> manner, really. Why not just tell the browser to use an HTTP proxy and
> be done with it?
ISP's want to do it, and do do it. They can save lots of bandwidth by web
caching, and they don't have to tell their users they're doing it or have them
reconfigure anything. I won't address whether this is a good thing from a
user's perspective.
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
