Transparent proxy failing

Bart Silverstrim bsilver at chrononomicon.com
Fri Mar 23 18:49:00 UTC 2007


I have two systems currently set up.
A is running squid.
B is running privoxy.

Currently the machines in my network are set up to go through machine
A as a transparent proxy; the DHCP server hands out the address of  
machine A as the gateway on the network, and A takes requests to port  
80 and forwards them to port 3180 where squid evaluates the URL for  
whether it should be blocked (SquidGuard) or retrieved then sent back  
to the client.

The squid machine, A, doesn't handle HTTPS blocking.  Just doesn't  
see the requests, period.

So I set up B.  Privoxy can see and block requests to https sites.

I set up B to take a request and forward it to A for "proper"  
filtering while B filters ads, https sites, etc.

Now the map goes:
client -> privoxy (B) -> gateway filter (A) -> internet

Privoxy (B) has ip_forward set to one.  Privoxy is also running on  
port 80.

If I set the client's gateway address to B's address and then bring  
up a website, it goes right to the website, no filtering.  If I tell  
IE on the client to specifically use the proxy setting of B's IP
address and port 80 as a proxy, the filtering works, logged and all.   
Obviously, this makes the filtering not very transparent.

Any idea why I can't just use B's address as a gateway and have the  
web traffic seen by the proxy (Privoxy)?

Additional note:
Squid on A is running on FreeBSD, but privoxy is running on an Ubuntu  
Linux system, in case someone was wondering why I'd post it here.  I  
primarily needed a way to block specific HTTPS: addresses, and squid  
wasn't even seeing the sites as the users requested them.

-Bart Silverstrim




