ArcosCom Linux User wrote:
> On Tue, 16 September 2008, 13:19, John Haxby wrote:
>> Well, not by squid, but the connection can be transparently proxied. I
>> have a tiny transparent proxy that redirects all connections to any port
>> outside an intranet to a connection through an HTTP CONNECT request.
>
> As I know (and have some HTTP proxies working with squid+iptables), the
> problem is the requests.
>
> Well, when you do a REDIRECT from 80 to 3128 (for squid), the squid must
> know that it is working in transparent mode to process correctly the HTTP
> requests, because they aren't directly for the proxy.
>
> If you use the same theory for any other protocol, the "proxy" must know
> how to process correctly this type of connection.
>
> What "tiny transparent proxy" are you using? Perhaps somebody could help
> you with some trick for it!

It's a small program that basically accepts connections, creates an
onward connection to the http proxy at the periphery and sends an
appropriate CONNECT <addr>:<port> request.
The address and port come from this:

    struct sockaddr_in sin;
    socklen_t len = sizeof(sin);
    /* SO_ORIGINAL_DST is declared in <linux/netfilter_ipv4.h> */
    getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, &sin, &len);
    sprintf(buf, "CONNECT %s:%d HTTP/1.0\r\n\r\n",
            inet_ntoa(sin.sin_addr), ntohs(sin.sin_port));

I can't remember if I found this by grepping the squid source code or
from a different web proxy. I really must find the time to pretty up my
program (and remove the bug that makes it crash from time to time) so I
can publish it somewhere for general consumption. It saves having to
configure world+dog to use a proxy.
jch
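
Added example, not part of the original message and not John Haxby's program: the SO_ORIGINAL_DST lookup and CONNECT request described above, with the getsockopt result checked, a bounded buffer, and a check of the upstream proxy's status line before any data is relayed. The function names original_dst, build_connect and connect_accepted are hypothetical, the reply check is an assumption about how such a proxy would proceed, and SO_ORIGINAL_DST is defined locally with the value used in <linux/netfilter_ipv4.h>.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80   /* same value as in <linux/netfilter_ipv4.h> */
#endif

/* Fetch the pre-REDIRECT destination of an accepted TCP socket.
 * Returns 0 on success, -1 if the lookup fails (bad descriptor, connection
 * not redirected by netfilter) or the answer is not an IPv4 address. */
int original_dst(int sock, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);

    memset(dst, 0, sizeof(*dst));
    if (getsockopt(sock, SOL_IP, SO_ORIGINAL_DST, dst, &len) < 0)
        return -1;
    if (len != sizeof(*dst) || dst->sin_family != AF_INET)
        return -1;
    return 0;
}

/* Format the CONNECT request for dst into buf. Returns the request length,
 * or -1 if buf is too small or the address cannot be formatted. */
int build_connect(const struct sockaddr_in *dst, char *buf, size_t cap)
{
    char ip[INET_ADDRSTRLEN];
    int n;

    if (inet_ntop(AF_INET, &dst->sin_addr, ip, sizeof(ip)) == NULL)
        return -1;
    n = snprintf(buf, cap, "CONNECT %s:%d HTTP/1.0\r\n\r\n",
                 ip, ntohs(dst->sin_port));
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Return 1 only if the upstream proxy answered CONNECT with a 2xx status. */
int connect_accepted(const char *reply)
{
    int minor, status;

    if (sscanf(reply, "HTTP/1.%d %d", &minor, &status) != 2)
        return 0;
    return status >= 200 && status < 300;
}
```

If original_dst fails, the connection should be closed rather than forwarded, since sin would otherwise hold an unset address.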