Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] Transparent proxy ...
  • From: "Alexander Noack" <alex@xxxxxxxxxxxxxxxx>
  • Date: Mon, 5 Feb 2001 12:31:46 +0100
  • Message-id: <003501c08f67$38da2dc0$0211a8c0@xxxxxxxxxxxxxxxxxxx>
Hi Richard,

I have a site where there is Squid set up as transparent proxy.
What you will want to do is set up Squid to run as httpd_accel(erator)
and to redirect the outgoing traffic on port 80 to Squid using ipchains.

Here's part of the Squid-conf:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
http_access deny !localdomains (where you set "acl localdomains src your.network/requirednetmask")
proxy_auth /etc/httpd/htpasswd (having all users in /etc/httpd/htpasswd, use htpasswd that comes with apache)

and to redirect the traffic execute
ipchains -A input -i internal_device -p TCP -d any/0 80 -j REDIRECT your_squid_port

Make sure you have your kernel compiled with "Transparent_Proxy yes".

You should consider not caching SSL connections.
FTP will only work as FTP over HTTP (e.g. the FTP your browser uses).
I don't know of any NNTP proxy. What you can do is to set up a local
newsfeed like leafnode and restrict access to it.

You definitely should have a look at the Transparent Proxy mini-HOWTO
(www.linuxdoc.org)

Regards,

Alex
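
What "httpd_accel_host virtual" and "httpd_accel_uses_host_header on" are for, as an added illustration that is not part of the mail above and not Squid's own code: a redirected browser sends only the path in its request line, so the proxy has to rebuild the full URL from the client-supplied Host header, or from the address the client was connecting to when no Host header is present. This is a simplified model; the function name, sample requests and addresses are constructed.

```python
def rebuild_url(raw_request: bytes, orig_dst_ip: str, orig_dst_port: int = 80,
                uses_host_header: bool = True) -> str:
    """Return the absolute URL a transparent proxy would fetch for one
    intercepted request (simplified model, hypothetical helper)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    try:
        _method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        raise ValueError("malformed request line: %r" % lines[0])

    # A browser explicitly configured for a proxy already sends the full URL.
    if target.lower().startswith("http://"):
        return target
    if not target.startswith("/"):
        raise ValueError("unsupported request target: %r" % target)

    host = None
    if uses_host_header:  # models httpd_accel_uses_host_header on
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "host" and value.strip():
                host = value.strip()  # client-supplied, may carry a port
                break

    if host is None:
        # No Host header (typical HTTP/1.0 client) or header ignored:
        # fall back to the address the client was connecting to, which is
        # what a "virtual" accelerator host amounts to in this model.
        host = orig_dst_ip
        if orig_dst_port != 80:
            host = "%s:%d" % (orig_dst_ip, orig_dst_port)
    return "http://" + host + target


if __name__ == "__main__":
    # Constructed sample requests, as seen after the port-80 redirect.
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n",
        b"GET /a?b=1 HTTP/1.0\r\nUser-Agent: test\r\n\r\n",
        b"GET http://www.example.org/x HTTP/1.0\r\n\r\n",
    ]
    for raw in samples:
        print(rebuild_url(raw, "192.0.2.10"))
```

With the Host header honoured, access rules that match on the destination name see whatever name the client sent; with it ignored, they see only the IP address.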

