havp supports parent setup, and as far as I have seen, it should be setup before squid. Now, I can always switch this around, and move the squid3 setup to 192.168.0.24 and setup havp on 192.168.0.1 of course. But 192.168.0.1 is running debian "production" and Debian does not support havp on a squeeze. So Im using a debian wheezy for havp in the mean while. And its not installed via apt.
If squid caches infected files, the local clamav should take care of that anyways? Since havp on the other server are using clamav as well. I really don't think the iptables rules should be that difficult to setup up, since I intercept the web traffic with this: iptables -t nat -A PREROUTING -i eth3 -p tcp --dport 80 -j REDIRECT --to-port 3128 So it's basically the same thing, but kinda like -j REDIRECT -to-destination 192.168.0.24:3127 But it's not working! grr! -Andreas On Feb 14, 2013, at 17:12 , babajaga <augustus_me...@yahoo.de> wrote: > Then its more a question how to setup iptables, the clients and HAVP. > However, why HAV first ? > This has the danger of squid caching infected files. And HAV will scan > cached files over and over again. > Then squid will be an upstream proxy of HAV. IF HAV supports parent proxies, > then squid should have no problem. > But this then either needs a proxy.pac for the clients browsers or explicit > proxy config for the clients browsers. > This would be the easier path. When this works, then to think about using > ipt with explicit routing of all packets to HAV-box. And back, so you have > to consider NAT. I am not fit enough in ipt, so I would keep it simple: > > client-PC-----squid-----HAV------web > > And the transparent setup for squid is well documented. > > PS: Grafik ist etwas klein :-) > > > > > > -- > View this message in context: > http://squid-web-proxy-cache.1019090.n4.nabble.com/Securing-squid3-tp4658495p4658501.html > Sent from the Squid - Users mailing list archive at Nabble.com.
