Differences

This shows you the differences between two versions of the page.

Link to this comparison view

bsd:pf_squid_transparent [2010/01/12 13:29] (current)
Line 1: Line 1:
 +Suite à un article paru sur GCU il n'y a pas si longtemps que ça pour faire\\ ​
 +du "​transparent proxy" à l'aide de IPFW 
 +j'ai décidé de montrer comment faire la même chose avec PF. 
  
 +Alors tout d'​abord la configuration de SQUID: ​
 +
 +<​code>​
 +------------------------------------- SNiP ------------------------------------ ​
 +http_port 3128
 +httpd_accel_host virtual
 +httpd_accel_port 80
 +httpd_accel_with_proxy on
 +httpd_accel_uses_host_header on
 +cache_dir null /tmp
 +cache_access_log /​usr/​local/​squid/​logs/​access.log
 +cache_log /​usr/​local/​squid/​logs/​cache.log
 +ftp_user squid@
 +ftp_passive off
 +
 +
 +acl all src 0.0.0.0/​0.0.0.0
 +acl manager proto cache_object
 +acl localhost src 127.0.0.1/​255.255.255.255
 +acl SSL_ports port 443 563
 +acl Safe_ports port 80          # http
 +acl Safe_ports port 21          # ftp
 +acl Safe_ports port 443 563     # https, snews
 +acl Safe_ports port 70          # gopher
 +acl Safe_ports port 210         # wais
 +acl Safe_ports port 1025-65535 ​ # unregistered ports
 +acl Safe_ports port 280         # http-mgmt
 +acl Safe_ports port 488         # gss-http
 +acl Safe_ports port 591         # filemaker
 +acl Safe_ports port 777         # multiling http
 +acl CONNECT method CONNECT
 +------------------------------------- SNiP ------------------------------------ ​
 +</​code>​
 +Et ensuite la configuration de PF (il faudra l'​adapter selon votre cas ) 
 +<​code>​
 +------------------------------------- SNiP ------------------------------------ ​
 +
 +ext_if= "​eth0"​
 +int_if= "​eth1"​
 +int_net= "​10.0.0.0/​27"​
 +
 +rdr on $int_if proto tcp from $int_net to any port 80 -> 127.0.0.1 port 3128
 +pass in on $int_if proto tcp from $int_net to 127.0.0.1 port 3128 keep state
 +
 +------------------------------------- SNiP ------------------------------------ ​
 +</​code>​
 +Voila voila 
 +aflab.
bsd/pf_squid_transparent.txt · Last modified: 2010/01/12 13:29 (external edit)