[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Automated Proxy for all Terminal



On Wed, 20 Feb 2002, James wrote:

>Use iptables to transparently redirect all web requests to Squid.
>
>http://www.linuxdoc.org/HOWTO/mini/TransparentProxy-5.html
>
>Any request from a workstation to the web on port 80 is redirected to Squid and 
>thus proxied out via Squid.  The proxying and filtering is transparent.  No 
>proxy server in settings.  It is just basically, you plug it in, and go to use 
>the web and all web traffic from workstations are redirected.
>
>- James

Only if it were so easy ;-)

It is pretty easy if you have a seperate box that all of your traffic
passes through.

In order to do transparent proxying, your proxy has to be in serial with
the defaul route. Otherwise, you're going to have to configure the client
so that it knows where to find the proxy.

It also has to be a seperate box. The original poster mentioned terminals,
it is non-trivial to have the terminal server also do transparent proxying.
The main gotcha is that transparent proxying is usually done in pre-routing
(for iptables) or input (for ipchains) rules. Pre-routing/input rules only
work on traffic passing THROUGH the box, they do not have an affect on
traffic that ORIGINATES from the box.

In a default terminal server setup, the traffic would be originating from
the server, so the pre-routing/input rules would not work. I'm fairly sure
that you could make a series of iptables rules convoluted enough to make it
work, but it'd be easier just to build a seperate proxy box ;-)

-Eric

>Quoting David Trask <dtrask vcs u52 k12 me us>:
>
>> brandon friedman techknowledgy co za writes:
>> >Why not use transparent proxying?
>> 
>> Can you elaborate?
>> 
>> David N. Trask
>> Technology Teacher/Coordinator
>> Vassalboro Community School
>> dtrask vcs u52 k12 me us
>> (207)923-3100
>> 





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]