Sergio Belkin wrote:
2008/6/5 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
Sergio Belkin wrote:
Hi,
I'd want to know if it's possible allos MSN usage along transparent proxy.
Possible. But not always easy. It depends highly on the type of network you
have setup (a level of NAT between the client and squid kills it fairly
well).
The schema is as follows:
A user connect with his notebook via Access Point which has OpenWRT
installed. OpenWRT has DNAT rules:
iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT
--to-destination $SQUID_IP:8080
iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT
--to-destination SQUID_IP:8080
That NAT happening on the AP would break squid transparency.
The AP needs to do policy-routing to pass only the port-80 packets to
the squid box.
http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic
The NAT part appears to be right, but the Squid box should be the one
doing it.
There is something about authentication too with MSN, full TPROXY may be
needed for that one.
(I've tried the last one and even redirecting 1050, but I'm not sure
if that's right)
Users can browse the web with no problems using transparent proxy
(except SSL sites of course) but they fail to use MSN.
MSN is _supposed_ to have automatic failovers to port 80 that use HTTP. But
that depends on what other paths it can find through your network first.
Amos
--
Please use Squid 2.7.STABLE1 or 3.0.STABLE6
