RE: [squid-users] Squid and Firewall rules
So I guess mine is not the 'standard' architecture for a NAT-VPN and Proxy ...
Maybe the best solution would be to keep them separate, and set up a box that acts 'only' as a Proxy?
Could someone provide their own experience in HOW and "WHERE" to build a Proxy on a NET having a NAT-Firewall-VPN that is already working?!
--- Mark Cooke wrote:
> On Mon, 2004-03-01 at 12:01, Elsen Marc wrote in reply to:
> > > -- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 --
> > >
> > > But with this rule in, I get that all users, even if
> > > they don't set their Browsers to use a Proxy, can surf
> > > the WEB without being authenticated by Squid,
> > > passing through the Proxy anyway (in fact I can
> > > them on my Access.log file)
> > >
> > > what I wish to do is to set the Squid or
> > > settings to impose a Squid Authentication even if my
> > > users don't set their Browsers to use a Proxy,
> > >
> > > USER1 Browser-configured --> Authentication =
> > >
> > > USER2 NoBrowser-configured --> Authentication or You are not allowed to ...
> > >
> > You can't, at least in the squid context:
> But the workaround is to set up the redirect to a web server you control
> that explains how to set up the browser to use your proxy, instead of
> trying to transparently direct it to squid.
> I.e., --to-destination as well as --to-port (so you don't have to run a
> web server on your firewall).
> iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to-destination my.proxyinstruction.server:80
> When you set up the web server, just map all URLs to the proxy setup
> instructions (because iptables can't change the requested URL). If you
> have a machine running as an existing web server, just use a different
> port number and a virtual host, or similar.
> Mark Cooke
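The catch-all instruction server suggested in the quoted reply, as an added example that is not code from the thread: every intercepted port-80 request, whatever its host, path or method, gets the same proxy setup page. The proxy host name, the page wording, and the choice of status 511 with `Cache-Control: no-store` are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Catch-all web server: every intercepted request gets the proxy setup page."""
import html
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumed values for illustration; replace with the site's real proxy address.
PROXY_HOST = "proxy.example.lan"
PROXY_PORT = 3128  # Squid port used in the thread's REDIRECT rule


def build_response(host, path):
    """Return (status, headers, body) for any intercepted request."""
    # Host and path are client-controlled, so escape them before echoing.
    wanted = html.escape(f"http://{host or 'unknown'}{path}")
    body = (
        "<html><head><title>Proxy configuration required</title></head><body>"
        "<h1>Your browser is not configured to use the proxy</h1>"
        f"<p>You requested {wanted}, which was not fetched.</p>"
        f"<p>Set your browser's HTTP proxy to {PROXY_HOST}, port {PROXY_PORT}, "
        "then retry. You will be asked for your proxy user name and password.</p>"
        "</body></html>"
    ).encode("utf-8")
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Length": str(len(body)),
        # The page is served under someone else's host name: never cache it.
        "Cache-Control": "no-store",
        "Connection": "close",
    }
    # 511 (RFC 6585) marks the reply as coming from the network, not the site.
    return 511, headers, body


class InstructionHandler(BaseHTTPRequestHandler):
    def _reply(self):
        status, headers, body = build_response(self.headers.get("Host"), self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    # iptables cannot rewrite the URL, so every method and path lands here.
    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = do_OPTIONS = _reply


if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 80), InstructionHandler).serve_forever()
```

Traffic from the instruction server itself and from the Squid box must be excluded from the NAT rule, otherwise their own port-80 requests are redirected as well.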