Asim Ahmed @ Folio3 wrote:
> Hi,
>
> I am using squid 3.0 STABLE20 on RHEL5 in conjunction with shorewall
> 4.4.4-1. I am using squid in non-transparent proxy mode. Currently I m
> working like this:
>
> Shorewall & squid are installed on same box. Shorewall is listening on
> this box on local interface and forwarding all http (port 80) traffic
> to squid-port (3128). since squid is running in non-transparent mode,
> I've set all client browsers with this proxy's address & port. Now
> i've two questions that might only be performance issue or may be i m
> doing some extra work here: I am using this because I need to process
> all other traffic (ftp / ssh / gopher / https) through shorewall. Only
> port 80 traffic shud go to squid.
>
> 1. When squid is running in non-transparent mode and client browsers
> are set with proxy address & port, is it necessary to still redirect
> port 80 traffic to squid through shorewall?
No. If you want, you can block outbound port 80 traffic, or redirect it
to a page that gives instructions on setting up the proxy.
> Should not all clients automatically communicate with squid on that
> address & port?
Yes, as long as they are configured to.
>
> 2. Does squid dorectly listen to traffic sent to it from client
> browsers or it needs the traffic redirected to it by another software
> like iptables / shhorewall?
This is what Squid was originally designed to do. Dealing with
intercepted traffic is an add-on.
>
>
> I am confused b/w two scenarios what approach should be taken?
> Further, how can i send https traffic to squid as well for filtering.
This is usually a browser setting. Often there is a "Use this proxy for
all protocols" check box, or you can specify an HTTP, SSL, and Gopher
proxy separately.
Chris
Received on Tue Dec 15 2009 - 19:05:24 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 16 2009 - 12:00:02 MST