Re: squid to ftp and https
From: Q (q_dolan_at_yahoo.com.au)
Date: 12/22/03
- Previous message: Eicke: "squid to ftp and https"
- In reply to: Eicke: "squid to ftp and https"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Eicke <eick.jac@terra.com.br> Date: Mon, 22 Dec 2003 22:56:56 +1000
You can only transparently proxy unencrypted data streams. There is no
point in proxying port 443 because the SSL protocol is designed to
prevent exactly this from being possible.
So port 443 is out.. but there are a few others that are still viable..
and it's not very hard to setup.
Make sure you have to following set in squid:
httpd_accel_host virtual
httpd_accel_port 0
And then just add the necessary rules to ipfw like so:
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port
80
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port
81
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port
8080
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port
8081
You can also redirect 'ftp' (port 21) using the "Frox" port in exactly
the same way, but ftp is a more complicated protocol, so it may break
things for some client/server combinations.
Seeya...Q
On Mon, 2003-12-22 at 21:16, Eicke wrote:
> Hi folks,
>
> I am using a FreeBSD server as transparent proxy server. To make this I use
> ipfw to foward port 80 requests.
> I have a doubt, I like that 443, 8080, 8000, 8081 ports and FTP pass through
> proxy too.
> How can I make this?
>
>
> Thanks and regards.
> Eicke.
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Eicke: "squid to ftp and https"
- In reply to: Eicke: "squid to ftp and https"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
