squid to ftp and https

Q q_dolan at yahoo.com.au
Mon Dec 22 05:14:45 PST 2003


You can only transparently proxy unencrypted data streams. There is no
point in proxying port 443 because the SSL protocol is designed to
prevent exactly this from being possible.

So port 443 is out.. but there are a few others that are still viable..
and it's not very hard to set up.

Make sure you have the following set in squid:

httpd_accel_host virtual
httpd_accel_port 0

And then just add the necessary rules to ipfw like so:

00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 80
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 81
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 8080
00500 fwd 192.168.100.254,3128 tcp from 192.168.100.0/24 to any dst-port 8081

You can also redirect 'ftp' (port 21) using the "Frox" port in exactly
the same way, but ftp is a more complicated protocol, so it may break
things for some client/server combinations.

Seeya...Q

On Mon, 2003-12-22 at 21:16, Eicke wrote:

> Hi folks,
> 
> I am using a FreeBSD server as transparent proxy server. To make this I use
> ipfw to forward port 80 requests.
> I have a doubt, I like that 443, 8080, 8000, 8081 ports and FTP pass through
> proxy too.
> How can I make this?
> 
> 
> Thanks and regards.
> Eicke.
> 
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
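
The distinction drawn in the reply above, as an added example that is not part of the original thread: on a redirected plaintext port the proxy can rebuild the full URL from the request line and Host header, while on port 443 the first bytes are only a TLS handshake. The function name, the fallback to the original destination address, and the sample bytes are all constructed for illustration.

```python
# Added illustration: names and sample bytes are constructed, not from the thread.
OPAQUE = {"kind": "opaque", "proxyable": False, "url": None}

def classify_intercepted(first_bytes, orig_ip, orig_port):
    """What can an intercepting proxy recover from a redirected connection?"""
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello). The HTTP request only travels
    # after the handshake, encrypted, so there is no Host header to read.
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return {"kind": "tls", "proxyable": False, "url": None}

    # Plaintext HTTP: need a complete header block to work with.
    head, sep, _ = first_bytes.partition(b"\r\n\r\n")
    if not sep:
        return dict(OPAQUE)
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    # Expect "METHOD /path HTTP/x.y" (origin-form target).
    if (len(parts) != 3 or not parts[2].startswith("HTTP/")
            or not parts[1].startswith("/")):
        return dict(OPAQUE)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()

    # The client believes it is talking to the origin server, so the request
    # carries only a path. Rebuild the absolute URL from the Host header,
    # falling back to the pre-redirect destination address (an assumption
    # of this sketch) when the header is absent.
    host = headers.get("host") or orig_ip
    has_port = ":" in host and host.rpartition(":")[2].isdigit()
    if not has_port and orig_port != 80:
        host = f"{host}:{orig_port}"
    return {"kind": "http", "proxyable": True, "url": f"http://{host}{parts[1]}"}

# Constructed samples: a request redirected from port 8080, and the first
# bytes of a TLS ClientHello record as seen on port 443.
HTTP_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"
TLS_SAMPLE = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"

if __name__ == "__main__":
    print(classify_intercepted(HTTP_SAMPLE, "203.0.113.10", 8080))
    print(classify_intercepted(TLS_SAMPLE, "203.0.113.10", 443))
```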

