El 04/07/12 02:07, Amos Jeffries escribió:
> On 04.07.2012 07:05, Linos wrote:
>> Hi,
>> i have configured transparent proxy sometimes for the local network LAN, but
>> now i want to actually control the output traffic from the machine
>> running the
>> squid itself without have to configure manually browsers and other network
>> programs, i can't get it to work using iptables, what rule should i be using?
>>
>> Regards,
>> Miguel Angel.
>
>
> Sorry your message is not clear. What do you have setup? and what exactly are
> you trying to reach?
>
> From what I gather;
> you have a somewhat proper proxy configuration already in use and want to
> downgrade it to a full-blown MITM security attack on your clients instead?
>
> This might help:
> http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Recommended_network_configuration
>
>
> Amos
>
Yes, my message it's not clear, sorry, i will explain through examples, suppose
my Squid computer it's 192.168.1.254 and my lan 192.168.1.0/24, to get computers
in my lan use transparent proxy i do:
1) configure squid.conf http_port (in 192.168.1.254 Squid computer) in
"transparent" mode
2) i use 192.168.1.254 as gateway for computers in my lan
3) in Squid computer i use "iptables -t nat -A PREROUTING -i eth0 -p tcp --dport
80 -j REDIRECT --to-port 3128"
After that if, for example, the computer 192.168.1.2 browse the net the url
visited from there appear in access.log at Squid computer as usual without the
need to configure the browser of this computer to use the proxy, perfect.
What i don't know how to do it's intercept web traffic from a browser used in
192.168.1.254, i have one office where the Squid computer it's a desktop as well
and i would like to transparent proxy the browsers of the Squid machine itself.
Regards,
Miguel Angel.
Received on Wed Jul 04 2012 - 07:31:09 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 04 2012 - 12:00:02 MDT