Re: [squid-users] using squid from home and office

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 18 May 2013 16:16:52 +1200

On 18/05/2013 1:52 p.m., juhan wrote:
> I have squid installed in office at dedicated box but i want to filter
> traffic outgoing from home too. Squid is in intercept mode and works for
> connections from office. And from the home router i redirected all port 80
> traffic to squid IP address. But as the destination of packets are squid
> machine squid directs requests to his own IP address. So if one tries to
> connect with browser from home he gets connection refused error (logically)
> since the web page does not reside on local squid server. My question is if
> it is possible to let squid re-resolve to the right address of the page ? Or
> maybe run another service which modifies IP packet destination based on DNS
> queries before squid processes the traffic. (I dont have VPN)

Nooooo! We just spent 3 years of very difficult work preventing that
from being done.
CVE-2009-0801 security vulnerability and all its side effects.

The only reason you are having problems is because you are using NAT to
force the external connections throught the proxy. If you were to use
WPAD/PAC, directly configuring the browser to use the proxy, or even
using a VPN / tunnel to make the packets go out via the office
interception systems you would not be having this NAT problem.

Amos
Received on Sat May 18 2013 - 04:17:03 MDT

This archive was generated by hypermail 2.2.0 : Sat May 18 2013 - 12:00:17 MDT