squid redirect
This is a discussion on squid redirect within the comp.unix.bsd.openbsd.misc forums, part of the OpenBSD category; --> Openbsd 3.3 trying to redirect port 80 to a localhost proxy which passes to squid. Only works when I ...
| |||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-16-2008, 04:53 AM
| ||||
| ||||
 squid redirect Openbsd 3.3 trying to redirect port 80 to a localhost proxy which passes to squid. Only works when I have the ip & port number (10.0.0.3:80) specified in web browser proxy, even though the default route points to the machine doing the proxying so should connect same way even without proxy specified. Config snips below - nat.conf rdr on rl1 proto tcp from 10.0.0.0/8 to 10.0.0.3/32 port 80 -> 127.0.0.1/32 port 8080 inetd.conf 127.0.0.1:8080 stream tcp nowait nobody /usr/bin/nc nc -w 20 10.0.0.3 3128 pf.conf Basically allow all traffic (:      |
|
02-16-2008, 04:53 AM
| |||
| |||
| Re: squid redirect On Thu, 6 Nov 2003 14:46:52 +1100, "Monkey Boy" <phase00@hotmail.com> reported to us: >Openbsd 3.3 trying to redirect port 80 to a localhost proxy which passes to >squid. >Only works when I have the ip & port number (10.0.0.3:80) specified in web >browser proxy, even though the default route points to the machine doing the >proxying so should connect same way even without proxy specified. Config >snips below - > >nat.conf >rdr on rl1 proto tcp from 10.0.0.0/8 to 10.0.0.3/32 port 80 -> 127.0.0.1/32 >port 8080 > > >inetd.conf >127.0.0.1:8080 stream tcp nowait nobody /usr/bin/nc nc -w 20 10.0.0.3 3128 > >pf.conf >Basically allow all traffic (: > You have to make squid from the ports, with the "transparent" flavor. Remove the current package, env FLAVOR="transparent" make; env FLAVOR="transparent" make install. Some instructions on how to use squid in transparent is here... http://www.squid-cache.org/Doc/FAQ/FAQ-17.html HTH, Wally "No one has ever had an idea in a dress suit." Sir Frederick G. Banting |
|
02-16-2008, 04:54 AM
| |||
| |||
| Re: squid redirect Already using the transparent option and also compiling from newer source. Heres my config options. ../configure --enable-removal-policies="lru heap" \ --enable-storeio="ufs diskd" \ --sysconfdir=/etc/squid \ --datadir="/var/squid/share/squid" \ --localstatedir="/var/squid" \ --enable-auth="ntlm" \ --enable-ntlm-auth-helpers="SMB" \ --enable-useragent-log \ --enable-pf-transparent "Wally Bedford" <rot13of_jorqsbeq@pnanqn.pbz> wrote in message news:r5ekqvs7umtsqgfghrgrt6nlskhmbjhcki@4ax.com... > On Thu, 6 Nov 2003 14:46:52 +1100, "Monkey Boy" <phase00@hotmail.com> > reported to us: > > >Openbsd 3.3 trying to redirect port 80 to a localhost proxy which passes to > >squid. > >Only works when I have the ip & port number (10.0.0.3:80) specified in web > >browser proxy, even though the default route points to the machine doing the > >proxying so should connect same way even without proxy specified. Config > >snips below - > > > >nat.conf > >rdr on rl1 proto tcp from 10.0.0.0/8 to 10.0.0.3/32 port 80 -> 127.0.0.1/32 > >port 8080 > > > > > >inetd.conf > >127.0.0.1:8080 stream tcp nowait nobody /usr/bin/nc nc -w 20 10.0.0.3 3128 > > > >pf.conf > >Basically allow all traffic (: > > > You have to make squid from the ports, with the "transparent" flavor. > Remove the current package, env FLAVOR="transparent" make; env > FLAVOR="transparent" make install. > > Some instructions on how to use squid in transparent is here... > http://www.squid-cache.org/Doc/FAQ/FAQ-17.html > > HTH, > > > > Wally > > "No one has ever had an idea in a dress suit." > Sir Frederick G. Banting |
|
02-16-2008, 04:54 AM
| ||||
| ||||
| Re: squid redirect strange I setup httpd_accel_host on port 80, took out the pf redirects and now its works fine, but problem with ntlm authenication Im using. I can authenicate fine if workstation is a member of the domain, but if a computer isn't a member of the 2k domain it timesout. I've setup authenication to prompt for username/passwd/domain if it cant get it via ntlm. I get prompted for authenication if I enable and manually enter port 3128 into the proxies. Some how when squid picks up a request from port 80 it doesn't bother with prompting for auth. unless its on port 3128. hmm "Monkey Boy" <phase00@hotmail.com> wrote in message news:boenm9$hlt$1@perki.connect.com.au... > Already using the transparent option and also compiling from newer source. > > Heres my config options. > > ./configure --enable-removal-policies="lru heap" \ > > --enable-storeio="ufs diskd" \ > > --sysconfdir=/etc/squid \ > > --datadir="/var/squid/share/squid" \ > > --localstatedir="/var/squid" \ > > --enable-auth="ntlm" \ > > --enable-ntlm-auth-helpers="SMB" \ > > --enable-useragent-log \ > > --enable-pf-transparent > > > > "Wally Bedford" <rot13of_jorqsbeq@pnanqn.pbz> wrote in message > news:r5ekqvs7umtsqgfghrgrt6nlskhmbjhcki@4ax.com... > > On Thu, 6 Nov 2003 14:46:52 +1100, "Monkey Boy" <phase00@hotmail.com> > > reported to us: > > > > >Openbsd 3.3 trying to redirect port 80 to a localhost proxy which passes > to > > >squid. > > >Only works when I have the ip & port number (10.0.0.3:80) specified in > web > > >browser proxy, even though the default route points to the machine doing > the > > >proxying so should connect same way even without proxy specified. Config > > >snips below - > > > > > >nat.conf > > >rdr on rl1 proto tcp from 10.0.0.0/8 to 10.0.0.3/32 port 80 -> > 127.0.0.1/32 > > >port 8080 > > > > > > > > >inetd.conf > > >127.0.0.1:8080 stream tcp nowait nobody /usr/bin/nc nc -w 20 10.0.0.3 > 3128 > > > > > >pf.conf > > >Basically allow all traffic (: > > > > > You have to make squid from the ports, with the "transparent" flavor. > > Remove the current package, env FLAVOR="transparent" make; env > > FLAVOR="transparent" make install. > > > > Some instructions on how to use squid in transparent is here... > > http://www.squid-cache.org/Doc/FAQ/FAQ-17.html > > > > HTH, > > > > > > > > Wally > > > > "No one has ever had an idea in a dress suit." > > Sir Frederick G. Banting > > |
Linear Mode
