On 6/28/05, Charl Papenfus <charl.ipsec@xxxxxxxxxxxxx> wrote:
> I want to channel ALL traffic going to the internet (HTTP, HTTPS, FTP, etc)
> through squid. I want to do away with a NAT gateway completely.
> Any simple way to do this?

Squid in transparent mode will NOT magically take Internet traffic on TCP/21 and proxy/cache it. Encrypted (HTTPS) traffic is also an issue, and you don't gain much by trying to transparently proxy HTTPS.

If you can configure browser clients to *explicitly* use the Squid HTTP as a non-transparent proxy (via manual proxy settings, PAC, WPAD, etc) so the browsers always talk to the Squid listener on 3128 as the proxy for all *browser* traffic for all protocols, then *browsers* won't be trying to go out via default route, and you can turn off your NAT rule.

But not all traffic is sourced from a browser. While just about every modern HTTP/HTTPS client library (Java, Perl, etc) can be manually configured to point to a HTTP proxy, with some effort, FTP is a whole other problem. And then there's RealAudio, and IRC, and WMA, and ...

> Is it a case of running squid in accelerator mode and doing something like:
>
> Iptables -t nat -A POSTROUTING -o <wan_interface> ....... -j REDIRECT to
> port 3128 ???

That would be a Linux question.
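
The explicit-proxy setup described in the reply above, sketched as a PAC file (an added example, not part of the original message). The proxy hostname `proxy.example.internal` and the internal suffix `.example.internal` are assumptions; only port 3128 comes from the post. Because the NAT rule is meant to go away, the proxy answer carries no `DIRECT` fallback.

```javascript
// Constructed example PAC file; hostnames below are placeholders, not from the post.
var SQUID = "PROXY proxy.example.internal:3128"; // 3128: the Squid listener named in the post
var LOCAL_SUFFIX = ".example.internal";          // assumed internal DNS suffix

// True for loopback and RFC 1918 IPv4 literals, which never need the proxy.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = +m[1], b = +m[2];
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// True when host ends with suffix and is longer than the suffix itself.
function hasSuffix(host, suffix) {
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

// Entry point the browser calls for every request (http, https and ftp URLs).
function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Dotless names (single-label intranet hosts, localhost) stay on the LAN.
  if (host.indexOf(".") === -1) return "DIRECT";

  // Internal names and private address literals stay on the LAN.
  if (hasSuffix(host, LOCAL_SUFFIX) || isPrivateIPv4(host)) return "DIRECT";

  // Everything else goes to Squid. No "; DIRECT" is appended, so a browser
  // does not try the default route when the proxy is unreachable.
  return SQUID;
}
```

This covers browser traffic only; non-browser clients still need their own proxy settings, as the reply notes.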