Search squid archive

Re: Transparent proxy with MSN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sergio Belkin wrote:
2008/6/5 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
Sergio Belkin wrote:
Hi,
I'd want to know if it's possible allos MSN usage along transparent proxy.
Possible. But not always easy. It depends highly on the type of network you
have setup (a level of NAT between the client and squid kills it fairly
well).

The schema is as follows:

A user connect with his notebook via Access Point which has OpenWRT
installed. OpenWRT has DNAT rules:

iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT
--to-destination $SQUID_IP:8080

iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT
--to-destination SQUID_IP:8080

That NAT happening on the AP would break squid transparency.
The AP needs to do policy-routing to pass only the port-80 packets to the squid box.
  http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic

The NAT part appears to be right, but the Squid box should be the one doing it.

There is something about authentication too with MSN, full TPROXY may be needed for that one.


(I've tried the last one and even redirecting 1050, but I'm not sure
if that's right)

Users can browse the web with no problems using transparent proxy
(except SSL sites of course) but they fail to use MSN.


MSN is _supposed_ to have automatic failovers to port 80 that use HTTP. But
that depends on what other paths it can find through your network first.


Amos
--
Please use Squid 2.7.STABLE1 or 3.0.STABLE6

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux