Squid Transparent HTTP Proxy - 2 ETH Links - HTTP Proxy

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Squid Transparent HTTP Proxy - 2 ETH Links - HTTP Proxy

Norbert Naveen

Hello Admins ,

 

Pls refer to the Image as in

 

https://drive.google.com/open?id=0B_dDVNpzSGEKZmFPWHFLWlJJMUU

 

The Setup will be as attached  in URL Above …

Server which will Host Squid will have Two Interfaces with 2 Different VLAN Tags

Content Inspection Engine will REROUTE all HTTP Traffic Through the Links coming to Squid Server .

Squid Server has to act as TRANSPARENT PROXY

 

One Possible way of doing it IP tables and Masquerading SRC IP

But … Without Changing Src or Dst IP address . How to achieve the same ?

 

ALL HTTP Traffic will be forward from 1 to 2 and Squid will be in between

We will have to Forward all traffic on 1 to 2 .. ?

 

 

Thanks

Naveen

 


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squid Transparent HTTP Proxy - 2 ETH Links - HTTP Proxy

Eliezer Croitoru
It depends on the equipment..
What you should do is to use the switch to pass all traffic to the squid mac
address and mirror all traffic to the probe node.
What switch do you have there?

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


From: squid-users [mailto:[hidden email]] On
Behalf Of Norbert Naveen
Sent: Wednesday, June 14, 2017 4:30 PM
To: [hidden email]
Subject: [squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP
Proxy

Hello Admins ,

Pls refer to the Image as in

https://drive.google.com/open?id=0B_dDVNpzSGEKZmFPWHFLWlJJMUU

The Setup will be as attached  in URL Above …
Server which will Host Squid will have Two Interfaces with 2 Different VLAN
Tags
Content Inspection Engine will REROUTE all HTTP Traffic Through the Links
coming to Squid Server .
Squid Server has to act as TRANSPARENT PROXY

One Possible way of doing it IP tables and Masquerading SRC IP
But … Without Changing Src or Dst IP address . How to achieve the same ?

ALL HTTP Traffic will be forward from 1 to 2 and Squid will be in between
We will have to Forward all traffic on 1 to 2 .. ?


Thanks
Naveen


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squid Transparent HTTP Proxy - 2 ETH Links - HTTP Proxy

Antony Stone
On Wednesday 14 June 2017 16:58:01 Eliezer  Croitoru wrote:

> It depends on the equipment..
> What you should do is to use the switch to pass all traffic to the squid mac
> address and mirror all traffic to the probe node.

http://wiki.squid-cache.org/ConfigExamples/#Interception may give you some
useful guidelines, depending on what your equipment is.

Alternatively you could do policy routing on the "Core Router", giving the
internal IP address of the Squid server as the gateway for HTTP/S traffic, and
then you do the standard Intercept NAT on the Squid machine so that it gets
processed.

http://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect

Squid then has the "Internet Router" as its gateway to the outside.

The important thing is *not* to do any Destination NAT on traffic to try to get
it to hit the Squid box.  The destination IPs of the packets must remain
unchanged (ie: wherever they were trying to get to on the Internet).


Regards,


Antony.

> From: squid-users [mailto:[hidden email]] On
> Behalf Of Norbert Naveen
> Sent: Wednesday, June 14, 2017 4:30 PM
> To: [hidden email]
> Subject: [squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP
> Proxy
>
> Hello Admins ,
>
> Pls refer to the Image as in
>
> https://drive.google.com/open?id=0B_dDVNpzSGEKZmFPWHFLWlJJMUU
>
> The Setup will be as attached  in URL Above …
> Server which will Host Squid will have Two Interfaces with 2 Different VLAN
> Tags
> Content Inspection Engine will REROUTE all HTTP Traffic Through the Links
> coming to Squid Server .
> Squid Server has to act as TRANSPARENT PROXY
>
> One Possible way of doing it IP tables and Masquerading SRC IP
> But … Without Changing Src or Dst IP address . How to achieve the same ?
>
> ALL HTTP Traffic will be forward from 1 to 2 and Squid will be in between
> We will have to Forward all traffic on 1 to 2 .. ?

--
If you want to be happy for an hour, get drunk.
If you want to be happy for a year, get married.
If you want to be happy for a lifetime, get a garden.

                                                   Please reply to the list;
                                                         please *don't* CC me.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squid Transparent HTTP Proxy - 2 ETH Links - HTTP Proxy

Norbert Naveen
In reply to this post by Eliezer Croitoru
Hello Eliezer,
 Switch - Cisco 3750
 Did not understand the " mirror all traffic to the probe node."
Thanks
Naveen

-----Original Message-----
From: Eliezer Croitoru [mailto:[hidden email]]
Sent: Wednesday, June 14, 2017 7:28 PM
To: [hidden email]
Cc: [hidden email]
Subject: RE: [squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP
Proxy

It depends on the equipment..
What you should do is to use the switch to pass all traffic to the squid mac
address and mirror all traffic to the probe node.
What switch do you have there?

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


From: squid-users [mailto:[hidden email]] On
Behalf Of Norbert Naveen
Sent: Wednesday, June 14, 2017 4:30 PM
To: [hidden email]
Subject: [squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP
Proxy

Hello Admins ,

Pls refer to the Image as in

https://drive.google.com/open?id=0B_dDVNpzSGEKZmFPWHFLWlJJMUU

The Setup will be as attached  in URL Above … Server which will Host Squid
will have Two Interfaces with 2 Different VLAN Tags Content Inspection
Engine will REROUTE all HTTP Traffic Through the Links coming to Squid
Server .
Squid Server has to act as TRANSPARENT PROXY

One Possible way of doing it IP tables and Masquerading SRC IP But … Without
Changing Src or Dst IP address . How to achieve the same ?

ALL HTTP Traffic will be forward from 1 to 2 and Squid will be in between We
will have to Forward all traffic on 1 to 2 .. ?


Thanks
Naveen


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squid Transparent HTTP Proxy - 2 ETH Links - HTTP Proxy

Norbert Naveen
In reply to this post by Eliezer Croitoru
Hello Eliezer,
 Switch - Cisco 3750
 Did not understand the " mirror all traffic to the probe node."
Thanks
Naveen

-----Original Message-----
From: Eliezer Croitoru [mailto:[hidden email]]
Sent: Wednesday, June 14, 2017 7:28 PM
To: [hidden email]
Cc: [hidden email]
Subject: RE: [squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP
Proxy

It depends on the equipment..
What you should do is to use the switch to pass all traffic to the squid mac
address and mirror all traffic to the probe node.
What switch do you have there?

Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: [hidden email]


From: squid-users [mailto:[hidden email]] On
Behalf Of Norbert Naveen
Sent: Wednesday, June 14, 2017 4:30 PM
To: [hidden email]
Subject: [squid-users] Squid Transparent HTTP Proxy - 2 ETH Links - HTTP
Proxy

Hello Admins ,

Pls refer to the Image as in

https://drive.google.com/open?id=0B_dDVNpzSGEKZmFPWHFLWlJJMUU

The Setup will be as attached  in URL Above … Server which will Host Squid
will have Two Interfaces with 2 Different VLAN Tags Content Inspection
Engine will REROUTE all HTTP Traffic Through the Links coming to Squid
Server .
Squid Server has to act as TRANSPARENT PROXY

One Possible way of doing it IP tables and Masquerading SRC IP But … Without
Changing Src or Dst IP address . How to achieve the same ?

ALL HTTP Traffic will be forward from 1 to 2 and Squid will be in between We
will have to Forward all traffic on 1 to 2 .. ?


Thanks
Naveen


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...