TRANSPARENT PROXY and Squid

From: Eric Dumazet <dumazet@dont-contact.us>
Date: Thu, 12 Sep 1996 16:34:40 +0100

Hello everybody.

I'am using squid-1.0.11 on a Linux machine, acting as a firewall/proxy
for my company.

After seeing the TRANSPARENT PROXY capability of recent linux kernel,
I would like to use this with squid.

The main advantage would be that my collegues would'nt have to worry about
configuring their browser, because the linux machine is already the
gateway for our Internet access. And I would'nt have to explain to
my collegues how to configure their browser (!)

I have done some tests about Transparent proxying :
My squid server listen for incoming requests on port 8080.

If I issue the command :
/sbin/ipfwadm -I -a acc -P tcp -S any/0 -D any/0 80 -r 8081

Then, the gateway intercepts the connection and redirects it to a local
application listening on port 8081, instead of forwarding it to the
real destination.

The local application does an accept() and can obtain the IP address
of the destination wanted by the browser with getsockname().

This hack could be used by squid with some modifications :

When the browser ask a page (the / for example), squid should receive
GET / HTTP/1.0

instead of
GET http://www.somesite.com/ HTTP/1.0

Thus, I am thinking of adding a configuration option in squid.conf,
telling squid to listen to another port (8081 for example) for incoming
connections, redirected by the TRANSPARENT proxy facility in the kernel.

If an accept is done on this port, squid would know about the hack,
and would issue getsockname() in order to know the IP address of the
web server asked. Squid should insert th IP address in the request
coming from the browser, before entering the main code of the proxy.

What do you think of this idea ?

Eric dumazet
edumazet@cosmosbay.com
Received on Thu Sep 12 1996 - 07:36:11 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:59 MST