Transparent Squid Proxy for Windows

Protecting your Linux box
Post Reply
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Transparent Squid Proxy for Windows

Post by ranatanveer »

i have installed squid for windows over windows XP and it is working fine with, as i am running ICS and Squid both, but problem is that it could not work out to be without forcing the proxy in web browser.
is there any way to run squid proxy transparently on windows platform?

because at linux/fedora platform, we add the following lines to squid.conf to attain this facility:

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on


and to iptables script

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

what to do at windows platform ??
could any one guide ?
zAm
Havaldaar
Posts: 148
Joined: Wed Oct 19, 2005 9:28 am
Location: Pakistan, Karachi
Contact:

Re : Transparent Squid Proxy for Windows

Post by zAm »

Hello,
ranatanveer .... i never experience squid over Windows platform .. but as far as i see ... the problem might be from firewall . r u running any firewall ? if yes , then forward port 80 to your squid port
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 'your squid port'
have you edit the following lines in your configuration files httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
? also make sure that you have compile squid with --enable-ipf-transparent .
for more info visit
http://www.faqs.org/docs/Linux-mini/Tra ... .html#toc4
Have Fun
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !
compucated
Naik
Posts: 75
Joined: Mon Oct 13, 2003 5:06 am
Location: Karachi, Pakistan
Contact:

Post by compucated »

You cann't use SQUID-NT as transparent proxy.
Transparent proxy feature is not not available with NT port.
# Known Limitations:
Squid features not operational:
DISKD: needs to be ported - Volunteers are welcome
WCCP: cannot work because GRE support on Windows is missing - Volunteers are welcome
Transparent Proxy: missing Windows non commercial interception driver
Some code sections can make blocking calls
Some external helpers may not work
File Descriptors number hard-limited to 2048
http://www.acmeconsulting.it/pagine/ope ... idnt25.htm

regards
Hamid Ashraf
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

Thank you zAm and thanks a lot Hameed Ashraf for your tips
syedali999
Battalion Havaldaar Major
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Location: Karachi
Contact:

Simple

Post by syedali999 »

Hi All,

i was reading this thread.
i think it is simple.
what if we force squid to listen on port 80?

http_port 80

it will surely work. as i test it.
but, make sure users has set their default gateway to the ip of the squid box.
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

thank you Syed Ali
i will apply this and let you inform
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re: Simple

Post by LinuxFreaK »

Dear syedali999,
Salam,
syedali999 wrote:what if we force squid to listen on port 80?
Did you test it on Windows ?

As he told that he is trying to use Squid as Transparent Proxy Server under Windows.

Best Regards.
Farrukh Ahmed
zAm
Havaldaar
Posts: 148
Joined: Wed Oct 19, 2005 9:28 am
Location: Pakistan, Karachi
Contact:

Re: Simple

Post by zAm »

syedali999 wrote:Hi All,

i was reading this thread.
i think it is simple.
what if we force squid to listen on port 80?

http_port 80

it will surely work. as i test it.
but, make sure users has set their default gateway to the ip of the squid box.
Hello,
syedali999 , i don't think that's a good way out to "ranatanveer's" problem . he wanted to transparently proxied the http_port under Windows platform , & under Linux we used to do this with iptables , so if we force squid to listen on port '80' so still the clients need to enter the IP address & port manually in their Internet Explorer settings . ranatanveer , i don't think there would be any way out for windows , squid built generally to run on Linux , some freaks made this to run over Windows , probably it works well too but not the same result as under Linux. so i'd better recommend you too kick off your Windows machine & get Linux . feel freeee to use it . Thanks
Regards,
zAm (Lyarianz Internet Cable Network)
Proud To Be Lyarianz !
ranatanveer
Subedar
Posts: 355
Joined: Sat May 07, 2005 11:54 am
Location: Lahore
Contact:

Post by ranatanveer »

Dear zAm

you are absolutely right. because i am alrady using linux flavour at my network and also running a cable setup.

one my clint insist me to run squid on windows platform, because he did not know the linux. thats why i installs squid on windows xp, and after forcing the proxy its performance was excellent. and than i face the problem regarding tranparancy. because i havent any idea about it thats why this post.
Regards

Rana Tanveer
+923224194457
Linux Student

For Affordable Web Development http://www.affordableprogrammers.com
http://www.qualityprogrammers.com
syedali999
Battalion Havaldaar Major
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Location: Karachi
Contact:

Re: Simple

Post by syedali999 »

LinuxFreaK wrote:Dear syedali999,
Salam,
syedali999 wrote:what if we force squid to listen on port 80?
Did you test it on Windows ?

As he told that he is trying to use Squid as Transparent Proxy Server under Windows.

Best Regards.
Hi Farrukh,

I Test it after reading your post again and guess what it works.

lets describe you my scenario.

i compile squid on MS-Windows 2000 Advance Server. and set the parameters of http_port to 80.

as u know when a browser make request, it transmits data on port 80 which is the default port of http protocol.

when Squid-box is set as default gateway in client machine, so the request first go to squid machine.
and squid was listening on port 80. it keeps the request and continues forward procedures.

*Note that IIS must be un-install or stopped on squid box. otherwise it will carry your request.

Thanks,

S. Rizvi

===============================
Customer Support Executive
Customer Support Department
World Online (TM)
E-mail: alirizvi@khi.wol.net.pk
================================
syedali999
Battalion Havaldaar Major
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Location: Karachi
Contact:

Re: Simple

Post by syedali999 »

zAm wrote: Hello,
syedali999 , i don't think that's a good way out to "ranatanveer's" problem . he wanted to transparently proxied the http_port under Windows platform , & under Linux we used to do this with iptables , so if we force squid to listen on port '80' so still the clients need to enter the IP address & port manually in their Internet Explorer settings . ranatanveer , i don't think there would be any way out for windows , squid built generally to run on Linux , some freaks made this to run over Windows , probably it works well too but not the same result as under Linux. so i'd better recommend you too kick off your Windows machine & get Linux . feel freeee to use it . Thanks
Regards,
zAm (Lyarianz Internet Cable Network)
Hi Zam,
I think that i post the solution after reading the topic. and if i m not wrong i suggest him the solution. :cry:

we use iptables not for transparent proxy but for redirecting port 80 to 3128 coz Squid is there.what if squid is on port 80? there will be no need of redirecting coz packets are coming to right direction. :wink: it is only a firewall and nothing has to do with transparency.
the same scenario can also be done in linux if you force squid to listen on port 80. it will directly listening and there will be no need to redirect ports.
halplus
Cadet
Posts: 1
Joined: Tue Aug 29, 2006 3:16 pm

Post by halplus »

Hi:

That is wrong, you are not interpreting correctly the information they provide and that's bad since you are providing that false information to a couple of persons around. There IS support for transparent proxy in squidNT but there is no free driver to reroute all traffic going to the port 80 to the squid port buuuuuut if you compile the squid with transparent support and then you figure out how to redirect that traffic then you have a transparent cache. Start that transparent caching right NOW and forget about the rumours !!! ;) SquidNT CAN do that!!!
compucated wrote:You cann't use SQUID-NT as transparent proxy.
Transparent proxy feature is not not available with NT port.
# Known Limitations:
Squid features not operational:
DISKD: needs to be ported - Volunteers are welcome
WCCP: cannot work because GRE support on Windows is missing - Volunteers are welcome
Transparent Proxy: missing Windows non commercial interception driver
Some code sections can make blocking calls
Some external helpers may not work
File Descriptors number hard-limited to 2048
http://www.acmeconsulting.it/pagine/ope ... idnt25.htm

regards
Hamid Ashraf
Post Reply