Sergio Belkin wrote:
2008/6/7 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
Sergio Belkin wrote:
2008/6/5 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
Sergio Belkin wrote:
Hi,
I'd want to know if it's possible to allow MSN usage along with a transparent
proxy.
Possible. But not always easy. It depends highly on the type of network you
have set up (a level of NAT between the client and squid kills it fairly well).
The schema is as follows:
A user connects with his notebook via an Access Point which has OpenWRT
installed. OpenWRT has DNAT rules:
iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 80 -j DNAT --to-destination $SQUID_IP:8080
iptables -t nat -A prerouting_rule -i br0 -p tcp --dport 1863 -j DNAT --to-destination $SQUID_IP:8080
That NAT happening on the AP would break squid transparency.
The AP needs to do policy-routing to pass only the port-80 packets to the
squid box.
http://wiki.squid-cache.org/ConfigExamples/LinuxPolicyRouteWebTraffic
The NAT part appears to be right, but the Squid box should be the one doing it.
So, but why is web browsing working fine?
Web browsing will work as long as your packets are reaching Squid. What
will be going wrong there is that your squid will be logging and doing
ACL security checks on the wrong IPs for clients.
There is something about authentication too with MSN,
Where can I read about it?
I don't know. I found a mention in Google, but it was not very helpful.
full TPROXY may be needed for that one.
(I've tried the last one and even redirecting 1050, but I'm not sure
if that's right)
Users can browse the web with no problems using transparent proxy
(except SSL sites of course) but they fail to use MSN.
MSN is _supposed_ to have automatic failovers to port 80 that use HTTP. But
that depends on what other paths it can find through your network first.
Amos
--
Please use Squid 2.7.STABLE1 or 3.0.STABLE6
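
The split described in the reply above (the AP only policy-routes port-80 packets to the Squid box, and the Squid box itself does the NAT), written out as an added example that is not part of the original thread or of the linked wiki page. The address, the Squid-side interface name, and the mark and table numbers are assumptions; commands are only printed unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed or constructed values are marked.
SQUID_IP="${SQUID_IP:-192.0.2.10}"   # constructed address of the Squid box
LAN_IF="${LAN_IF:-br0}"              # AP client-side bridge, as in the thread
SQUID_IF="${SQUID_IF:-eth0}"         # assumption: Squid box interface
SQUID_PORT="${SQUID_PORT:-8080}"     # Squid port used in the thread
MARK="${MARK:-3}"                    # assumption: packet mark
TABLE="${TABLE:-2}"                  # assumption: routing table number

# Print each command by default; execute it only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# On the AP: no DNAT. Packets keep their original source and destination
# addresses and are routed to the Squid box instead of being rewritten.
ap_rules() {
    # Squid's own outbound port-80 requests must not be sent back to Squid.
    run iptables -t mangle -A PREROUTING -p tcp --dport 80 -s "$SQUID_IP" -j ACCEPT
    # Mark client port-80 traffic only; port 1863 is not intercepted.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j MARK --set-mark "$MARK"
    # Marked packets use a separate table whose default route is the Squid box.
    run ip rule add fwmark "$MARK" table "$TABLE"
    run ip route add default via "$SQUID_IP" table "$TABLE"
}

# On the Squid box: the NAT step happens here, so Squid sees the real client
# address. squid.conf needs a matching "http_port 8080 transparent" line
# (option name as used by Squid 2.7 and 3.0).
squid_rules() {
    run iptables -t nat -A PREROUTING -i "$SQUID_IF" -p tcp --dport 80 -j REDIRECT --to-ports "$SQUID_PORT"
}

# Usage: sh script.sh ap | squid
case "${1:-}" in
    ap)    ap_rules ;;
    squid) squid_rules ;;
esac
```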