On 1/03/2012 12:42 a.m., Muhammad Yousuf Khan wrote:
Thanks, it means i have to shift it back to proxy mode. since i am still using it on testing environment it wouldn't be an hurdle for me.
"back"? Squid since version 2.6 have been able to open multiple ports simultaneously. Several traffic modes entering one proxy is pretty common these days.
The advised best-practice for a portal proxy installation is to layer the modes. With regular forward-proxy ports available. And WPAD/PAC deployed to the network to encourage their use as much as possible. Then interception as a backup method of receiving the traffic. With NAT or TPROXY deployed to catch port 80 and maybe 443/HTTPS if your locale can do that. Then firewall rules deployed to control what the proxy does not or cannot do (for example the rules Naira mentioned).
There are also a few other tricks like dnsmasq and a reverse-proxy port amongst the interception tools if you get desperate.
Amos
