[geeks] pf question: doing internal rdr?

Phil Stracchino alaric at metrocast.net
Tue Jun 8 07:44:29 CDT 2010


On 06/08/10 03:45, Michael-John Turner wrote:
> On Wed, Jun 02, 2010 at 05:46:58PM -0400, Phil Stracchino wrote:
>> Can anyone point me at a way to do this that will work with clients on
>> the same segment as the squid proxy, but does not require a manual proxy
>> setting on the client (and thus cannot be evaded at the client simply by
>> clearing the proxy setting)?
> 
> I'm pretty certain it's not possible to do what you want to do,
> unfortunately - all transparent proxying setups I've seen have Squid
> running on the same system as pf. If you could do that, and compile Squid
> with transparent proxying support, it's possible.

I was wondering if that's what I was going to need to do, actually.  The
thought had crossed my mind.  I just haven't done all the research yet.

Ideally, I'd prefer to be able to have user-specific URL block/allow
lists, but I can get by for most purposes with IP-specific URL
block/allow lists.  Unfortunately most of the squid add-on filtering
tools I've found appear to either not do what I want, or build only on
Linux.  I've actually wondered whether it'd be easier to build my own,
if I could just find documentation on squid's plugin interface.


-- 
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.


