Transparent Squid Proxy for Windows

Protecting your Linux box

Transparent Squid Proxy for Windows

Postby ranatanveer » Fri Dec 09, 2005 12:49 am

i have installed squid for windows over windows XP and it is working fine with, as i am running ICS and Squid both, but problem is that it could not work out to be without forcing the proxy in web browser.
is there any way to run squid proxy transparently on windows platform?

because at linux/fedora platform, we add the following lines to squid.conf to attain this facility:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


and to iptables script

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

what to do at windows platform ??
could any one guide ?
ranatanveer
Subedar
 
Posts: 355
Joined: Sat May 07, 2005 11:54 am
ICQ: 133032001
Website: http://www.affordableprogrammers.com
WLM: ranatanveer@gmail.com
Yahoo Messenger: ranahard@yahoo.com
Location: Lahore

Re : Transparent Squid Proxy for Windows

Postby zAm » Fri Dec 09, 2005 8:39 am

Hello,
ranatanveer .... i never experience squid over Windows platform .. but as far as i see ... the problem might be from firewall . r u running any firewall ? if yes , then forward port 80 to your squid port
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 'your squid port'
have you edit the following lines in your configuration files httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
? also make sure that you have compile squid with --enable-ipf-transparent .
for more info visit
http://www.faqs.org/docs/Linux-mini/TransparentProxy.html#toc4
Have Fun
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !
zAm
Havaldaar
 
Posts: 148
Joined: Wed Oct 19, 2005 9:28 am
Website: http://www.zubair.moghal.ukonline.co.uk
WLM: z_moghal@hotmail.com
Yahoo Messenger: z_moghal@yahoo.com
Location: Pakistan, Karachi

Postby compucated » Fri Dec 09, 2005 3:05 pm

You cann't use SQUID-NT as transparent proxy.
Transparent proxy feature is not not available with NT port.

# Known Limitations:
Squid features not operational:
DISKD: needs to be ported - Volunteers are welcome
WCCP: cannot work because GRE support on Windows is missing - Volunteers are welcome
Transparent Proxy: missing Windows non commercial interception driver
Some code sections can make blocking calls
Some external helpers may not work
File Descriptors number hard-limited to 2048

http://www.acmeconsulting.it/pagine/ope ... idnt25.htm

regards
Hamid Ashraf
compucated
Naik
 
Posts: 75
Joined: Mon Oct 13, 2003 5:06 am
WLM: compucated(at)msn(dot)com
Yahoo Messenger: activatedpower(at)yahoo(dot)com
Location: Karachi, Pakistan

Postby ranatanveer » Sun Dec 11, 2005 4:48 pm

Thank you zAm and thanks a lot Hameed Ashraf for your tips
ranatanveer
Subedar
 
Posts: 355
Joined: Sat May 07, 2005 11:54 am
ICQ: 133032001
Website: http://www.affordableprogrammers.com
WLM: ranatanveer@gmail.com
Yahoo Messenger: ranahard@yahoo.com
Location: Lahore

Simple

Postby syedali999 » Mon Dec 19, 2005 9:33 pm

Hi All,

i was reading this thread.
i think it is simple.
what if we force squid to listen on port 80?

http_port 80

it will surely work. as i test it.
but, make sure users has set their default gateway to the ip of the squid box.
syedali999
Battalion Havaldaar Major
 
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Website: http://www.wol.net.pk
WLM: alirizvi@khi.wol.net.pk
Location: Karachi

Postby ranatanveer » Tue Dec 20, 2005 8:58 am

thank you Syed Ali
i will apply this and let you inform
ranatanveer
Subedar
 
Posts: 355
Joined: Sat May 07, 2005 11:54 am
ICQ: 133032001
Website: http://www.affordableprogrammers.com
WLM: ranatanveer@gmail.com
Yahoo Messenger: ranahard@yahoo.com
Location: Lahore

Re: Simple

Postby LinuxFreaK » Tue Dec 20, 2005 9:11 am

Dear syedali999,
Salam,

syedali999 wrote:what if we force squid to listen on port 80?


Did you test it on Windows ?

As he told that he is trying to use Squid as Transparent Proxy Server under Windows.

Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Re: Simple

Postby zAm » Tue Dec 20, 2005 2:47 pm

syedali999 wrote:Hi All,

i was reading this thread.
i think it is simple.
what if we force squid to listen on port 80?

http_port 80

it will surely work. as i test it.
but, make sure users has set their default gateway to the ip of the squid box.

Hello,
syedali999 , i don't think that's a good way out to "ranatanveer's" problem . he wanted to transparently proxied the http_port under Windows platform , & under Linux we used to do this with iptables , so if we force squid to listen on port '80' so still the clients need to enter the IP address & port manually in their Internet Explorer settings . ranatanveer , i don't think there would be any way out for windows , squid built generally to run on Linux , some freaks made this to run over Windows , probably it works well too but not the same result as under Linux. so i'd better recommend you too kick off your Windows machine & get Linux . feel freeee to use it . Thanks
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !
zAm
Havaldaar
 
Posts: 148
Joined: Wed Oct 19, 2005 9:28 am
Website: http://www.zubair.moghal.ukonline.co.uk
WLM: z_moghal@hotmail.com
Yahoo Messenger: z_moghal@yahoo.com
Location: Pakistan, Karachi

Postby ranatanveer » Tue Dec 20, 2005 4:17 pm

Dear zAm

you are absolutely right. because i am alrady using linux flavour at my network and also running a cable setup.

one my clint insist me to run squid on windows platform, because he did not know the linux. thats why i installs squid on windows xp, and after forcing the proxy its performance was excellent. and than i face the problem regarding tranparancy. because i havent any idea about it thats why this post.
Regards

Rana Tanveer
+923224194457
Linux Student

For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
ranatanveer
Subedar
 
Posts: 355
Joined: Sat May 07, 2005 11:54 am
ICQ: 133032001
Website: http://www.affordableprogrammers.com
WLM: ranatanveer@gmail.com
Yahoo Messenger: ranahard@yahoo.com
Location: Lahore

Re: Simple

Postby syedali999 » Tue Dec 20, 2005 6:40 pm

LinuxFreaK wrote:Dear syedali999,
Salam,

syedali999 wrote:what if we force squid to listen on port 80?


Did you test it on Windows ?

As he told that he is trying to use Squid as Transparent Proxy Server under Windows.

Best Regards.


Hi Farrukh,

I Test it after reading your post again and guess what it works.

lets describe you my scenario.

i compile squid on MS-Windows 2000 Advance Server. and set the parameters of http_port to 80.

as u know when a browser make request, it transmits data on port 80 which is the default port of http protocol.

when Squid-box is set as default gateway in client machine, so the request first go to squid machine.
and squid was listening on port 80. it keeps the request and continues forward procedures.

*Note that IIS must be un-install or stopped on squid box. otherwise it will carry your request.

Thanks,

S. Rizvi

===============================
Customer Support Executive
Customer Support Department
World Online (TM)
E-mail: alirizvi@khi.wol.net.pk
================================
syedali999
Battalion Havaldaar Major
 
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Website: http://www.wol.net.pk
WLM: alirizvi@khi.wol.net.pk
Location: Karachi

Re: Simple

Postby syedali999 » Tue Dec 20, 2005 8:26 pm

zAm wrote:Hello,
syedali999 , i don't think that's a good way out to "ranatanveer's" problem . he wanted to transparently proxied the http_port under Windows platform , & under Linux we used to do this with iptables , so if we force squid to listen on port '80' so still the clients need to enter the IP address & port manually in their Internet Explorer settings . ranatanveer , i don't think there would be any way out for windows , squid built generally to run on Linux , some freaks made this to run over Windows , probably it works well too but not the same result as under Linux. so i'd better recommend you too kick off your Windows machine & get Linux . feel freeee to use it . Thanks
Regards,
zAm (Lyarianz Internet Cable Network)


Hi Zam,
I think that i post the solution after reading the topic. and if i m not wrong i suggest him the solution. :cry:

we use iptables not for transparent proxy but for redirecting port 80 to 3128 coz Squid is there.what if squid is on port 80? there will be no need of redirecting coz packets are coming to right direction. :wink: it is only a firewall and nothing has to do with transparency.
the same scenario can also be done in linux if you force squid to listen on port 80. it will directly listening and there will be no need to redirect ports.
syedali999
Battalion Havaldaar Major
 
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Website: http://www.wol.net.pk
WLM: alirizvi@khi.wol.net.pk
Location: Karachi

Postby halplus » Tue Aug 29, 2006 3:32 pm

Hi:

That is wrong, you are not interpreting correctly the information they provide and that's bad since you are providing that false information to a couple of persons around. There IS support for transparent proxy in squidNT but there is no free driver to reroute all traffic going to the port 80 to the squid port buuuuuut if you compile the squid with transparent support and then you figure out how to redirect that traffic then you have a transparent cache. Start that transparent caching right NOW and forget about the rumours !!! ;) SquidNT CAN do that!!!

compucated wrote:You cann't use SQUID-NT as transparent proxy.
Transparent proxy feature is not not available with NT port.

# Known Limitations:
Squid features not operational:
DISKD: needs to be ported - Volunteers are welcome
WCCP: cannot work because GRE support on Windows is missing - Volunteers are welcome
Transparent Proxy: missing Windows non commercial interception driver
Some code sections can make blocking calls
Some external helpers may not work
File Descriptors number hard-limited to 2048

http://www.acmeconsulting.it/pagine/ope ... idnt25.htm

regards
Hamid Ashraf
halplus
Cadet
 
Posts: 1
Joined: Tue Aug 29, 2006 3:16 pm


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 2 guests

cron