squid and sunscreen

From: Dusan (dkulisie_at_truni.sk)
Date: 04/26/05


Date: 26 Apr 2005 02:34:45 -0700

Recently I implemented a squid proxy in our network and I
intend to make all users use it by default. For that I need to make
it a transparent proxy and make it accept all the redirected packets.
I have a problem with this redirection. I do not quite know how to
set up my FW to redirect all the packets on port 80 (and other www
ports) to the squid machine.
I am using SunScreen in routing mode as a firewall {and this choice
of fw is the source of the problem - I know it now :-) }
Has anybody had any experience going through something like this? How
do I set up policies in SunScreen so that the packets flow smoothly
without any cycling of requests from squid itself?
Thank you very very much in advance.
Dusan

(Please don't recommend an IP filter to me, because I cannot
replace the existing FW now and have to do the transparent proxy quickly
in the existing environment.)


