Re: transparent proxy with Squid?
On %M 0, Louis-David Mitterrand wrote
> Has anybody successfuly configured Linux and Squid to act as a
> transparent proxy? I have looked at the Squid FAQ and an interesting
> pointer provided by it
> (http://alderan.gurulink.com/transproxy-linux21-squid2.html) but have
> not succeded yet. All squid configuration options and and ipchains
> commands having been entred the www requests still go right past squid.
>
It worked for me; I installed tproxyd, booted a kernel with transparent
proxy support, and followed the advice in /usr/doc/tproxyd (from memory).
> I am using the latest Debian-potato snapshot with Squid-2.2 and kernel
> 2.2.7 on our masquerading firewall.
>
> Thanks in advance for any help.
>
> PS: are there well-known disadvantages in using transparent proxying?
> (vs. configuring each browser on our LAN)
>
The only ones I am aware of are:
- If squid is 'fooled' into treating a dynamic page as static, you
may see the wrong page, just like with any proxy;
- If a server provides non-HTTP services (e.g., SSL) on port 80 you
won't be able to access them, as you are going via squid;
- You don't get proxying for HTTP servers on unusual ports (81, 8080);
- If squid stops/exercises a bug you can't just turn off or change
your proxy from your workstation.
I don't know how serious these are in the real world, but #4 is quite
rare.
John P.
--
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
Reply to: