Hey,
What exactly are you trying to do?
HTTP proxies have their own ACL rules like in a firewall.
If you need to block specific traffic then you should enforce the ACL
inside the proxy and not rely on the FW.
Adding an external acl helper that will do the same thing as iptables is
only a matter of minutes of coding.
If you have one example I believe I can try to write some helper that
will do what you need.
All the best,
Eliezer
On 2018-09-15 08:23, morteza omidian wrote:
Hi
I am in a dire need about using squid in my Linux iptables firewall as
a transparent proxy.
In my Linux iptables firewall I want to do iptables rules and controls
in forward chain and after that do http filtering with squid, because
of that I need to change netfilter packet flow and send packets to
squid (app layer, user space) after forward chain, and then get them
back to kernel space to continue their way in forward chain and then
go out, SOMETHING LIKE OTHER FIREWALLS AND UTM (like pfSense or
OPNsense and ....) do.
In my situation, I want squid to be placed AFTER my FORWARDS iptables
rules; by default squid listens on the input port of the machine, but it's not
what I want, and redirecting packets to the input chain does not work for
me.
I think NFQUEUE is a good solution for my problem, but I don't know
if it is possible to change squid source code to get packets from
nfqueue? Or can nfqueue keep the packet state and handle TCP
connection?
I want to change my packet flow like this: client-request >>>
prerouting > Nat > forward > squid-cache > post-routing >>>>
HTTP(s)-server
The IMPORTANT part is that forward rules must be checked before packets
are forwarded to squid. I don't want packets destined to input chain of
firewall. I thought maybe it's possible to use DAQ, like the way snort
uses, or nfqueue in iptables. I need some help about that, please help
me if it's possible or THERE ARE ANY OTHER WAYS TO SOLVE IT.
Thanks a lot
Morteza Omidian
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
--
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx
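
An external ACL helper of the kind the reply above describes, as an added example that is not part of the original thread or Squid's own code. The rule table, the helper path and the ACL names are assumptions; the helper reads one `%SRC %DST %PORT` line per request and answers `OK`, `ERR` or `BH`.

```python
#!/usr/bin/env python3
"""Squid external ACL helper applying iptables-style first-match rules.

Assumed squid.conf wiring (ACL names and helper path are hypothetical):
  external_acl_type fwrules ttl=60 %SRC %DST %PORT /usr/local/bin/fw_helper.py
  acl fw_ok external fwrules
  http_access deny !fw_ok
"""
import ipaddress
import sys

# Constructed sample policy: (source network, destination port or None, verdict).
# First match wins, like rules in an iptables chain. None matches any port.
RULES = [
    (ipaddress.ip_network("10.0.5.0/24"), None, "ERR"),  # quarantined subnet
    (ipaddress.ip_network("10.0.0.0/16"), 80, "OK"),
    (ipaddress.ip_network("10.0.0.0/16"), 443, "OK"),
]
DEFAULT = "ERR"  # chain policy: deny anything no rule matched


def decide(line):
    """Return the helper reply for one '%SRC %DST %PORT' request line."""
    fields = line.split()
    if len(fields) != 3:
        return 'BH message="expected SRC DST PORT"'
    src, _dst, port = fields  # %DST may be a hostname, so it is not matched here
    try:
        src_ip = ipaddress.ip_address(src)
        port_no = int(port)
    except ValueError:
        return 'BH message="unparsable SRC or PORT"'
    for net, rule_port, verdict in RULES:
        same_family = src_ip.version == net.version
        if same_family and src_ip in net and rule_port in (None, port_no):
            return verdict
    return DEFAULT


def main():
    # Squid keeps the helper running and sends one request per line
    # (concurrency=0 assumed, so there is no channel-ID prefix).
    for line in sys.stdin:
        sys.stdout.write(decide(line) + "\n")
        sys.stdout.flush()  # Squid blocks on each reply, so never buffer


if __name__ == "__main__":
    main()
```

Because Squid caches helper verdicts for the `ttl` period, a rule change in the table only takes effect for a given client and port once the cached entry expires.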