Hi,

I want to use squid as a transparent http proxy from the same linux box
it is installed. This is an internet directly connected box (cable).

Do you know how I can configure that in shorewall?

Thanks in advance,

Manel Santos
--
http://mpompeia.ods.org

On 19 Apr 2002, Manuel Pompeia Santos wrote:

> Hi,
>
> I want to use squid as a transparent http proxy from the same linux box
> it is installed. This is an internet directly connected box (cable).
>
> Do you know how I can configure that in shorewall?

Look at example 2 at http://www.shorewall.net/Documentation.htm#Rules.
Also, be sure to carefully follow the directions in the Squid
documentation for configuring Squid as a transparent proxy.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net

Thanks for the quick response.
But the thing is that the client isn't the local network, but the
firewall itself.

On Fri, 2002-04-19 at 16:20, Tom Eastep wrote:

> On 19 Apr 2002, Manuel Pompeia Santos wrote:
>
> > Hi,
> >
> > I want to use squid as a transparent http proxy from the same linux box
> > it is installed. This is an internet directly connected box (cable).
> >
> > Do you know how I can configure that in shorewall?
>
> Look at example 2 at http://www.shorewall.net/Documentation.htm#Rules.
> Also, be sure to carefully follow the directions in the Squid
> documentation for configuring Squid as a transparent proxy.
>
> -Tom

--
http://mpompeia.ods.org

On 19 Apr 2002, Manuel Pompeia Santos wrote:

> Thanks for the quick response.
> But the thing is that the client isn't the local network, but the
> firewall itself.

You can try the following:

    ACCEPT fw fw::8080 tcp 80 - all

I know that DNAT in the OUTPUT chain is broken in NetFilter but I'm not
sure about REDIRECT.

Why do you want to do this? Site filtering?

-Tom

On Fri, 19 Apr 2002, Tom Eastep wrote:

> On 19 Apr 2002, Manuel Pompeia Santos wrote:
>
> > Thanks for the quick response.
> > But the thing is that the client isn't the local network, but the
> > firewall itself.
>
> You can try the following:
>
>     ACCEPT fw fw::8080 tcp 80 - all
>
> I know that DNAT in the OUTPUT chain is broken in NetFilter but I'm not
> sure about REDIRECT.

I've tested something similar here and it seems to work.

-Tom

On Fri, 19 Apr 2002, Tom Eastep wrote:

> On Fri, 19 Apr 2002, Tom Eastep wrote:
>
> > On 19 Apr 2002, Manuel Pompeia Santos wrote:
> >
> > > Thanks for the quick response.
> > > But the thing is that the client isn't the local network, but the
> > > firewall itself.
> >
> > You can try the following:
> >
> >     ACCEPT fw fw::8080 tcp 80 - all
> >
> > I know that DNAT in the OUTPUT chain is broken in NetFilter but I'm not
> > sure about REDIRECT.
>
> I've tested something similar here and it seems to work.

That is to say, the REDIRECT rule works but you are going to be screwed
trying to run Squid this way.

Hint: How is Squid going to be able to connect to remote HTTP sites if ALL
requests to connect to HTTP get redirected back to the firewall?

-Tom

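The loop in Tom's hint goes away if the proxy's own outbound connections are exempted before the redirect, which the netfilter owner match can do in the nat OUTPUT chain. The script below is an added example, not part of the thread; it uses raw iptables rule specs rather than Shorewall rules-file syntax, the account name `squid` is an assumption, and 3128 is the Squid port mentioned later in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: account "squid",
# proxy port 3128.

# Print the nat/OUTPUT rule specs in the order they must be installed.
nat_output_rules() {
    user=$1 port=$2
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    # 1. The proxy's own fetches leave untouched; without this rule they
    #    are redirected back into the proxy (the loop in Tom's hint).
    echo "-A OUTPUT -p tcp -m tcp --dport 80 -m owner --uid-owner $user -j RETURN"
    # 2. HTTP to the box's own addresses (routed via lo) is not proxied.
    echo "-A OUTPUT -o lo -p tcp -m tcp --dport 80 -j RETURN"
    # 3. Every other locally generated HTTP connection goes to the proxy.
    echo "-A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports $port"
}

# Read rule specs on stdin (one per line, as `iptables -t nat -S OUTPUT`
# lists them) and succeed only if an owner exemption for the proxy account
# comes before the first port-80 REDIRECT. The match is textual, so pass
# the uid in the form the rule list uses.
loop_safe() {
    user=$1 exempt=no
    while IFS= read -r rule; do
        case $rule in
            *"--dport 80 "*"--uid-owner $user "*"-j RETURN"*|\
            *"--dport 80 "*"--uid-owner $user "*"-j ACCEPT"*)
                exempt=yes ;;
            *"--dport 80 "*"-j REDIRECT"*)
                [ "$exempt" = yes ] && return 0
                return 1 ;;
        esac
    done
    return 0   # no port-80 REDIRECT at all: nothing can loop
}

# Print the commands by default; run them only when APPLY=1 (needs root).
install_rules() {
    specs=$(nat_output_rules "$1" "$2") || return 1
    printf '%s\n' "$specs" | while IFS= read -r spec; do
        if [ "${APPLY:-0}" = 1 ]; then
            # The spec is split into separate arguments on purpose.
            iptables -t nat $spec
        else
            echo "iptables -t nat $spec"
        fi
    done
}

install_rules "${PROXY_USER:-squid}" "${PROXY_PORT:-3128}"
```

Rule order matters: the exemption has to be evaluated before the REDIRECT, which is what `loop_safe` checks on an existing rule list.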
Now you see the problem ;)

On Fri, 2002-04-19 at 17:07, Tom Eastep wrote:

> On Fri, 19 Apr 2002, Tom Eastep wrote:
>
> > On Fri, 19 Apr 2002, Tom Eastep wrote:
> >
> > > On 19 Apr 2002, Manuel Pompeia Santos wrote:
> > >
> > > > Thanks for the quick response.
> > > > But the thing is that the client isn't the local network, but the
> > > > firewall itself.
> > >
> > > You can try the following:
> > >
> > >     ACCEPT fw fw::8080 tcp 80 - all
> > >
> > > I know that DNAT in the OUTPUT chain is broken in NetFilter but I'm not
> > > sure about REDIRECT.
> >
> > I've tested something similar here and it seems to work.
>
> That is to say, the REDIRECT rule works but you are going to be screwed
> trying to run Squid this way.
>
> Hint: How is Squid going to be able to connect to remote HTTP sites if ALL
> requests to connect to HTTP get redirected back to the firewall?
>
> -Tom

--
http://mpompeia.ods.org

On 19 Apr 2002, Manuel Pompeia Santos wrote:

> Now you see the problem ;)

But again, why do you want to do this in the first place.

-Tom

Simply because I'm working in that workstation.

On Fri, 2002-04-19 at 17:13, Tom Eastep wrote:

> On 19 Apr 2002, Manuel Pompeia Santos wrote:
>
> > Now you see the problem ;)
>
> But again, why do you want to do this in the first place.
>
> -Tom

--
http://mpompeia.ods.org

On 19 Apr 2002, Manuel Pompeia Santos wrote:

> Simply because I'm working in that workstation.

But what value does Squid add over the cache in your browser (other than
adding another big program to your mix)?

-Tom

We use this at our location (using Seawall) to help cut down on bandwidth. It
works quite well, although you need to make sure Squid (if that is the proxy
in use) is configured for transparent proxy (http_accel).

On April 19, 2002 12:22 pm, Tom Eastep wrote:

> On 19 Apr 2002, Manuel Pompeia Santos wrote:
> > Simply because I'm working in that workstation.
>
> But what value does Squid add over the cache in your browser (other than
> adding another big program to your mix)?
>
> -Tom

--
Paul Slinski
System Administrator
Global IQX
http://www.globaliqx.com/
pauls@globaliqx.com

The proxy is always transparently used by the local network. I just want
to use it myself too.

On Fri, 2002-04-19 at 17:22, Tom Eastep wrote:

> On 19 Apr 2002, Manuel Pompeia Santos wrote:
>
> > Simply because I'm working in that workstation.
>
> But what value does Squid add over the cache in your browser (other than
> adding another big program to your mix)?
>
> -Tom

--
http://mpompeia.ods.org

On Fri, 19 Apr 2002, Paul Slinski wrote:

> We use this at our location (using Seawall) to help cut down on bandwidth. It
> works quite well, although you need to make sure Squid (if that is the proxy
> in use) is configured for transparent proxy (http_accel).

I understand why Squid is a good thing in general -- I'm just wondering
why I would want to run it in Manuel's case. I suppose that if Manuel is
running Squid on his firewall for the good reasons that you suggest and he
is also browsing the web from the firewall then he might want to make use
of the Squid cache.

I wonder if it is possible to configure squid so that it can be used as
both a transparent and an explicit proxy; that way, Manuel could configure
his browser on the firewall to use the local proxy yet local users would
continue to use the proxy transparently.

-Tom

The squid configuration part is ok, it works for my lan.
I can redirect all packets to port 80 to 3128 from the lan, but not from
the firewall itself.

On Fri, 2002-04-19 at 17:28, Paul Slinski wrote:

> We use this at our location (using Seawall) to help cut down on bandwidth. It
> works quite well, although you need to make sure Squid (if that is the proxy
> in use) is configured for transparent proxy (http_accel).
>
> On April 19, 2002 12:22 pm, Tom Eastep wrote:
> > On 19 Apr 2002, Manuel Pompeia Santos wrote:
> > > Simply because I'm working in that workstation.
> >
> > But what value does Squid add over the cache in your browser (other than
> > adding another big program to your mix)?
> >
> > -Tom
>
> --
> Paul Slinski

--
http://mpompeia.ods.org

Yes. It is possible to configure it as both a transparent proxy and standalone
all in one.

    httpd_accel_with_proxy on

This tells squid you want to run as an accelerator as well as a standard
proxy server. It is within the httpd_accel block of the configuration.

On April 19, 2002 12:39 pm, Tom Eastep wrote:

> On Fri, 19 Apr 2002, Paul Slinski wrote:
> > We use this at our location (using Seawall) to help cut down on
> > bandwidth. It works quite well, although you need to make sure Squid (if
> > that is the proxy in use) is configured for transparent proxy
> > (http_accel).
>
> I understand why Squid is a good thing in general -- I'm just wondering
> why I would want to run it in Manuel's case. I suppose that if Manuel is
> running Squid on his firewall for the good reasons that you suggest and he
> is also browsing the web from the firewall then he might want to make use
> of the Squid cache.
>
> I wonder if it is possible to configure squid so that it can be used as
> both a transparent and an explicit proxy; that way, Manuel could configure
> his browser on the firewall to use the local proxy yet local users would
> continue to use the proxy transparently.
>
> -Tom

--
Paul Slinski