On 18/05/2013 1:52 p.m., juhan wrote:
> I have squid installed in office at dedicated box but I want to filter
> traffic outgoing from home too. Squid is in intercept mode and works for
> connections from office. And from the home router I redirected all port 80
> traffic to squid IP address. But as the destination of packets is the squid
> machine, squid directs requests to its own IP address. So if one tries to
> connect with browser from home he gets connection refused error (logically)
> since the web page does not reside on local squid server. My question is if
> it is possible to let squid re-resolve to the right address of the page? Or
> maybe run another service which modifies IP packet destination based on DNS
> queries before squid processes the traffic. (I don't have VPN)

Nooooo! We just spent 3 years of very difficult work preventing that
from being done.

CVE-2009-0801 security vulnerability and all its side effects.

The only reason you are having problems is because you are using NAT to
force the external connections through the proxy. If you were to use
WPAD/PAC, directly configuring the browser to use the proxy, or even
using a VPN / tunnel to make the packets go out via the office
interception systems you would not be having this NAT problem.

Amos
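
The WPAD/PAC option mentioned in the reply, as an added example that is not part of the original thread: a PAC file the home browsers load so that they send each request to the proxy with its full URL, which means the real destination is never lost to NAT. The proxy name `proxy.office.example` and port `3128` are placeholder assumptions, and the sketch assumes the Squid box also offers a regular forward-proxy port alongside its intercept port.

```javascript
// Added example PAC file (proxy.pac); not from the original thread.
// ASSUMPTION: proxy.office.example:3128 is a placeholder for the office
// proxy's forward-proxy (non-intercept) listening port.
var OFFICE_PROXY = "PROXY proxy.office.example:3128";

// True for dotted-quad literals in loopback, RFC 1918 or link-local ranges.
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) ||
         (a === 169 && b === 254);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (no dot, and not an IPv6 literal) and private
  // addresses are home-LAN devices: reach them directly.
  var singleLabel = host.indexOf(".") === -1 && host.indexOf(":") === -1;
  if (singleLabel || host === "localhost" || isPrivateIPv4Literal(host)) {
    return "DIRECT";
  }
  // Web traffic goes to the office proxy. No "; DIRECT" fallback is listed,
  // so an unreachable proxy fails closed instead of bypassing the filter.
  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();
  if (scheme === "http" || scheme === "https") {
    return OFFICE_PROXY;
  }
  return "DIRECT";
}
```

A forward-proxy port reachable from the home connection should be limited to known clients, for example by source address or proxy authentication, so it does not become an open proxy.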