transparent proxy with authentication

From: Julian Elischer <julian@dont-contact.us>
Date: Fri, 17 Jul 1998 00:48:38 -0700 (PDT)

I recently added the ability to FreeBSD to be able too do transparent
proxy suport in a similar manner to The existing Linux scheme.

the command BTW is:
ipfw add 100 fwd 127.0.0.1,3128 tcp from any to any 80 out xmit X recv Y

where X is your internal interface and Y is your external interface.
Other possibilities are of course usable.

anyhow I have 2 comments.. in 1.1.21, the port number squid takes as
being the target, is not inherritted from the original request but is
instead a static number. is this because of some problem that (maybe)Linux
has? does not a getsockname() return the original destination port?

if it does (as it does in FreeBSD) then it should be
derived from (int) (ntohs( (mumble)->me.sin_port))
rather than the static value 3130. .(or whatever is in squid.conf)
 (this is in icp.c)

Am I missing something?

secondly.

It Seems impossible to forward packets to Squid, and have it demand
authentication from the user, unless the user has his browser
already doing proxying, which makes the point of transparent proxy rather
moot.
I need user identification, as I may need to block some users.

Is there some setting that can force authentication?

(My present setup just fails in this setup because the authentication is
done with NULL user and passwd info) It never attempts to ask teh user to
identify himself.
 I've read the FAQ and spent a few hours looking at the code
but thought I'd ask her ebefore spending more time on it in cse someone
can
give a quick answer.

julian
(julian@freebsd.org)
Received on Fri Jul 17 1998 - 00:59:20 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:09 MST