natd, ipfw, squid, dansguardian

Peter Rosa prosa at pro.sk
Fri Jan 26 09:13:38 CET 2007


Greetings everyone,

and I would like to ask for help with setting up a transparent proxy.

On the gateway I use the combination from the [subject]. The configuration is as follows:
- the firewall basically only does NAT, otherwise it is open (working version)
- DansGuardian listens on DG_IP:8080 (DG_IP is the IP of the internal interface)
- Squid listens on localhost:3128
- dansguardian.conf:
	 loglevel = 3    # ALL REQUESTS (for https)
- rc.conf:
	firewall_script="/etc/firewall.conf"
	natd_interface="ed0"
	natd_flags="-f /etc/natd.conf"
- natd.conf:
	interface ed0
	log_denied yes
	dynamic yes
	redirect_port tcp DG_IP:8080 80
	redirect_port tcp DG_IP:8080 443
- firewall.conf:
	$fwcmd add 100 allow all from any to any via lo0
	$fwcmd add 105 deny log all from any to 127.0.0.0/8
	$fwcmd add 200 divert natd all from any to any via ed0
	$fwcmd add 300 allow all from any to any

Everything runs OK except redirect_port. And in this environment I need
to redirect all http/https requests to the filter and proxy. The redirect
only starts working once I enter the following in firewall.conf:
$fwcmd add 250 fwd DG_IP,8080 tcp from ${inet} to any 80 in via ed1

However, this cannot be used for port 443 - if I do that, I can no longer
connect to any https server. On Goooogle I found that I have to use NAT
"or something similar". So I tried it, but apparently I have a mistake
somewhere, because it does not work. And all I need is for all http/https
traffic from the internal network to be redirected to port 8080...

Please, does anyone use such a combination, and have you got a transparent
proxy working for https traffic as well? If so, how do you have natd and the
firewall configured, please (at least a general description)?

Thanks for every reply.


Have a pleasant day,

Peter Rosa


