2008/6/7 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > Sergio Belkin wrote: >> >> 2008/6/5 Amos Jeffries <squid3@xxxxxxxxxxxxx>: >>> >>> Sergio Belkin wrote: >>>> >>>> Hi, >>>> I'd want to know if it's possible allos MSN usage along transparent >>>> proxy. >>> >>> Possible. But not always easy. It depends highly on the type of network >>> you >>> have setup (a level of NAT between the client and squid kills it fairly >>> well). >> >> The schema is as follows: >> >> A user connect with his notebook via Access Point which has OpenWRT >> installed. OpenWRT has DNAT rules: >> >> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT >> --to-destination $SQUID_IP:8080 >> >> iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT >> --to-destination SQUID_IP:8080 > > That NAT happening on the AP would break squid transparency. > The AP needs to do policy-routing to pass only the port-80 packets to the > squid box. > http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic > > The NAT part appears to be right, but the Squid box should be the one doing > it. So But why is web browsing working fine? > > There is something about authentication too with MSN, Where can I red about it? > full TPROXY may be > needed for that one. > >> >> (I've tried the last one and even redirecting 1050, but I'm not sure >> if that's right) >> >> Users can browse the web with no problems using transparent proxy >> (except SSL sites of course) but they fail to use MSN. >> >> >>> MSN is _supposed_ to have automatic failovers to port 80 that use HTTP. >>> But >>> that depends on what other paths it can find through your network first. >>> > > Amos > -- > Please use Squid 2.7.STABLE1 or 3.0.STABLE6 > -- -- Open Kairos http://www.openkairos.com Watch More TV http://sebelk.blogspot.com Sergio Belkin -