Transparent proxy failing
bsilver at chrononomicon.com
Fri Mar 23 18:49:00 UTC 2007
I have two systems currently set up.
A is running squid.
B is running privoxy.
Currently the machine in my network are set up to go through machine
A as a transparent proxy; the DHCP server hands out the address of
machine A as the gateway on the network, and A takes requests to port
80 and forwards them to port 3180 where squid evaluates the URL for
whether it should be blocked (SquidGuard) or retrieved then sent back
to the client.
The squid machine, A, doesn't handle HTTPS blocking. Just doesn't
see the requests, period.
So I set up B. Privoxy can see and block requests to https sites.
I set up B to take a request and forward it to A for "proper"
filtering while B filters ads, https sites, etc.
Now the map goes:
client -> privoxy (B) -> gateway filter (A) -> internet
Privoxy (B) has ip_forward set to one. Privoxy is also running on
If I set the client's gateway address to B's address and then bring
up a website, it goes right to the website, no filtering. If I tell
IE on the client to specifically use the proxy setting of B's ip
address and port 80 as a proxy, the filtering works, logged and all.
Obviously, this makes the filtering not very transparent.
Any idea why I can't just use B's address as a gateway and have the
web traffic seen by the proxy (Privoxy)?
Squid on A is running on FreeBSD, but privoxy is running on an Ubuntu
Linux system, in case someone was wondering why I'd post it here. I
primarily needed a way to block specific HTTPS: addresses, and squid
wasn't even seeing the sites as the users requested them.
More information about the ubuntu-users