So I guess mine is not the 'standard' architecture for
a NAT-VPN and Proxy ...
Maybe the best solution would be keep them separate,
and setting up a box that act 'only' as a Proxy ?

could someone provide their own experience in HOW and
"WHERE" build a Proxy on a NET having a
NAT-Firewall-VPN that is already working ?!

thanks all

--- Mark Cooke ha scritto: >
On Mon, 2004-03-01 at 12:01, Elsen Marc wrote in
> reply to:
> >
> >
> > > -- iptables -t nat -A PREROUTING -i eth1 -p tcp
> > > --dport 80 -j REDIRECT --to-port 3128 --
> > >
> > > But with this rule in, I get that all users,

> even if
> > > they don't set their Browsers to use a Proxy,

> can surf
> > > the WEB withouth being authenticated by Squid,

> but
> > > passing through the Proxy anyway (in fact I can

> see
> > > them on my Access.log file)
> > >
> > > what I wish to do is to set the Squid or

> Firewall
> > > settings to impose a Squid Authentication even

> if my
> > > users don't set their Browsers to use a Proxy,

> so
> > >
> > > USER1 Browser-configured --> Authentication =

> Allowed
> > >
> > > USER2 NoBrowser-configured --> Authentication or

> ERROR
> > > You are not allowed to ...
> > >

> > You can't at least in in the squid context :
> >
> >

>

http://www.squid-cache.org/Doc/FAQ/FAQ-17.html#ss17.15
>
> But the workaround is to setup the redirect to a web
> server you control
> that explains how to setup the browser to use your
> proxy, instead of
> trying to transparently direct it to squid.
>
> Ie, --to-destination as well as --to-port (so you
> don't have to run a
> web server on your firewall).
>
> iptables -t nat --dport 80 -j REDIRECT
> --to-destination
> my.proxyinstruction.server --to-port 80
>
> When you setup the web server, just map all URLs to
> the proxy setup
> instructions (because iptables can't change the
> requested URL). If you
> have an machine running as an existing web server,
> just use a different
> port number and a virtual host, or similar.
>
> Cheers,
>
> Mark
>
> --
> Mark Cooke
>


__________________________________________________ ____________________
Yahoo! Mail: 6MB di spazio gratuito, 30MB per i tuoi allegati, l'antivirus, il filtro Anti-spam
http://it.yahoo.com/mail_it/foot/?ht...ail.yahoo.com/