Asim Ahmed @ Folio3 wrote:
> Hi,
> I am using squid 3.0 STABLE20 on RHEL5 in conjunction with shorewall
> 4.4.4-1. I am using squid in non-transparent proxy mode. Currently I'm
> working like this:
> Shorewall & squid are installed on the same box. Shorewall is listening on
> this box on the local interface and forwarding all http (port 80) traffic
> to squid-port (3128). Since squid is running in non-transparent mode,
> I've set all client browsers with this proxy's address & port. Now
> I've two questions that might only be a performance issue, or maybe I'm
> doing some extra work here: I am using this because I need to process
> all other traffic (ftp / ssh / gopher / https) through shorewall. Only
> port 80 traffic should go to squid.
> 1. When squid is running in non-transparent mode and client browsers
> are set with proxy address & port, is it necessary to still redirect
> port 80 traffic to squid through shorewall?

No. If you want, you can block outbound port 80 traffic, or redirect it
to a page that gives instructions on setting up the proxy.

> Should not all clients automatically communicate with squid on that
> address & port?

Yes, as long as they are configured to.

> 2. Does squid directly listen to traffic sent to it from client
> browsers, or does it need the traffic redirected to it by another software
> like iptables / shorewall?

This is what Squid was originally designed to do. Dealing with
intercepted traffic is an add-on.

> I am confused between the two scenarios; what approach should be taken?
> Further, how can I send https traffic to squid as well for filtering?

This is usually a browser setting. Often there is a "Use this proxy for
all protocols" check box, or you can specify an HTTP, SSL, and Gopher
proxy separately.

Chris
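
The setup discussed in this thread, sketched as a Shorewall rules fragment. This is an added example, not part of the original messages; the zone names `loc` (client LAN) and `net` (Internet) are assumptions taken from Shorewall's sample configurations, and the optional port 443 rule goes slightly beyond what the reply mentions.

```conf
# /etc/shorewall/rules (fragment)
# Assumed zones: loc = client LAN, net = Internet, $FW = this box (Squid + Shorewall)
#ACTION     SOURCE  DEST   PROTO  DEST PORT(S)

# Earlier approach from the question: port 80 from the LAN is redirected
# to Squid. Not needed once every browser is configured with the proxy
# address and port, so it is left commented out here.
#REDIRECT   loc     3128   tcp    80

# Browsers talk to Squid directly on its listening port.
ACCEPT      loc     $FW    tcp    3128

# Squid itself must be able to fetch from origin servers.
ACCEPT      $FW     net    tcp    80,443

# Direct HTTP that bypasses the proxy is refused, so a client without
# the proxy setting fails visibly instead of going out unfiltered.
REJECT      loc     net    tcp    80

# Optional (assumption): if HTTPS is also meant to go through Squid via
# the browser's "use this proxy for all protocols" setting, refuse
# direct HTTPS from the LAN as well.
REJECT      loc     net    tcp    443
```

Other protocols (ftp, ssh, gopher) continue to follow the existing loc-to-net policy and never touch Squid.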