Re: [squid-users] Re: transparent (intercepting?) without wccp, options? from Eliezer Croitoru on 2012-07-04 (squid-users)

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Thu, 05 Jul 2012 05:36:34 +0300

On 7/5/2012 4:48 AM, Ezequiel Birman wrote:
>>>>>> "Amos" == Amos Jeffries <squid3_at_treenet.co.nz> writes:
>
> > On 04.07.2012 15:54, Ezequiel Birman wrote:
> >>>>>>> "Eliezer" == Eliezer Croitoru <eliezer_at_ngtech.co.il> writes:
> >>
> > <snip>
>
> >> http://wiki.squid-cache.org/ConfigExamples/Intercept/DebianWithRedirectorAndReporting
> >> >> > this is a good way to start but it wont be a transparent
> >> proxy but > a "nat" proxy but it can be good for your needs as
> >> anyway you have > nat in the RV042.
> >>
> >> Are you sure? The only mention to nat in is in order to redirect
> >> port 80 to 3128 on squid box. This is the intro:
> >> ...
>
> > Yes. There are 4 protocol layers involved. ebtables - rules stops
> > it being a bridge "transparent relay/proxy" and makes it routed
> > traffic. iptables - rules use NAT (interception proxy) instead of
> > TPROXY (transparent proxy). squid - config file uses
> > URL-rewriters to prevent Squid being a HTTP protocol "transparent
> > proxy" (HTTP definition of "transparent proxy" is the Squid
> > default behaviour).
>
> > There is a lot of people confused by the meaning of the word
> > "transparent". With good reason, it has been used out of context
> > so much.
>
> Where should I start then? Could yo point me to some doc, tutorial or
> config example to implement what Eliezer suggested? I mean beside the
> books which I didn't buy yet.
>
> Regards
>
>
dont worry!
i dont know anyone that masters linux and got it all from books he didnt
bout :)

it's pretty simple to implement as long you do understand the concepts.
you will just need to practice and see how all of it actually fits
together as a puzzle.

start with a bridge interface and bridge tools.
it depends on what linux distro you are using.
debian is a nice and simple one.
you need to install the bridge tools + ebtables and configure the bridge
interface for two Ethernet interfaces.
the next step is to add the bridge interface ip address and default route.
all the above can be done in the /etc/...somewhere
this link:
http://wiki.debian.org/BridgeNetworkConnections#Libvirt_and_bridging
can help you a bit.

on debian it will work just like that.. config.. apply settings..
connect one cable .. connect second cable ...done.

after that you can install\compile squid3.1
will be here to help if you need something.

Eliezer

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il

Received on Thu Jul 05 2012 - 02:36:40 MDT

This archive was generated by hypermail 2.2.0 : Fri Jul 06 2012 - 12:00:01 MDT