Darcy Ganga
2003-Oct-28 07:11 UTC
[Shorewall-users] litle question (proxy transparent+authtenticate+shorewall)
Hi, I try configure squid proxy transparent and shorewall In my squid.conf have this configuration: http_port 8000 acl all src 0.0.0.0/0.0.0.0 acl password REQUIRED http_access allow password http_access deny all authentica_program /usr/lib/squid/ncsa_auth /etc/squid/passwd In my rules have: REDIRECT loc 8000 tcp 80 - !MY_IP_EXTERNAL ACCEPT fw net tcp 80 I try probe this configuration (in my browser try access to http://www.redhat.com) the access_log the squid say: 192.168.100.228 - - [28/Oct/2003:11:41:35 -0300] "GET / HTTP/0.0" 400 1076 NONE:NONE 192.168.100.228 - - [28/Oct/2003:11:41:37 -0300] "GET / HTTP/0.0" 400 1076 NONE:NONE 192.168.100.228 - - [28/Oct/2003:11:41:40 -0300] "GET / HTTP/0.0" 400 1076 NONE:NONE 192.168.100.228 - - [28/Oct/2003:11:41:44 -0300] "GET / HTTP/0.0" 400 1076 NONE:NONE 192.168.100.228 - - [28/Oct/2003:11:42:09 -0300] "GET / HTTP/0.0" 400 1076 NONE:NONE 192.168.100.228 - - [28/Oct/2003:11:42:14 -0300] "GET / HTTP/0.0" 400 1076 NONE:NONE Any use this configuration?, if possible what not support authenticate if use proxy transparent? -- Darcy Roberto Ganga System Engineer and Technical Software S&A Consultores de Chile S.A mailto:dganga@syachile.cl http://www.syachile.cl Phone:56-2-9401500 Direct:56-2-9401560 Key fingerprint = 91 4F 1F 11 89 E4 84 25 36 0B 92 E6 E6 91 8D 3F 47 05 36 EC User #290674 counter.li.org
Tom Eastep
2003-Oct-28 07:19 UTC
[Shorewall-users] litle question (proxy transparent+authtenticate+shorewall)
On Tue, 2003-10-28 at 07:11, Darcy Ganga wrote:> > Any use this configuration?, if possible what not support authenticate > if use proxy transparent?I would doubt that you could use authentication with a transparent proxy since the browser doesn''t know that the proxy exists. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
phil
2003-Oct-28 07:42 UTC
[Shorewall-users] litle question (proxy transparent+authtenticate+shorewall)
From: Tom Eastep <teastep@shorewall.net> To: Shorewall Users Mailing List <shorewall-users@lists.shorewall.net> Sent: Tue, 28 Oct 2003 07:18:59 -0800 Subject: Re: [Shorewall-users] litle question (proxy transparent+authtenticate+shorewall)> On Tue, 2003-10-28 at 07:11, Darcy Ganga wrote: > > > > > Any use this configuration?, if possible what not support authenticate > > if use proxy transparent? > > I would doubt that you could use authentication with a transparent proxy > since the browser doesn''t know that the proxy exists.I will second that, I know from experience with Squid+SquidGuard that if you are running it as a transparent proxy (either on the same box or a remote box) authentication does not work, at best it will allow all traffic through, at worst it will allow no traffic through (these positions are relative and may be reversed depending on your view point!) Regards Phil