Squid behind a ntml proxy

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Squid behind a ntml proxy

lucas coudures
I have a testing computer with squid and this is behind a ntml proxy
in another computer.
I am using this:

cache_peer xxx.xxx.xxx.xxx parent 3128 0 default

never_direct allow all
i use never_direct because if i don't use this i get the time-out message

this is working ok, now i want to make squid transparent but i can't,
in my home i have a adsl internet connection and squid transparent,
this computer is connected to a router so i have always internet, and
y use squid with:
  http_port xxx.xxx.xxx.xxx:3128 transparent
and work ok, but when i use this rule behind NTML proxy doesn't work =(


--
Lucas Coudures

Registered Linux User #442566
Blog: http://lucas-coudures.blogspot.com/
Jabber: [hidden email]
-------------------------------------------------------------------------------------------------------------------------------------
Este mensaje no contiene virus, debido a que todo su contenido se ha
generado bajo Linux.

Dead is a matter of definition. Free software only dies when the last
copy of the source code is erased.
Reply | Threaded
Open this post in threaded view
|

Re: Squid behind a ntml proxy

Chris Robertson-2
lucas coudures wrote:
> I have a testing computer with squid and this is behind a ntml proxy
> in another computer.
> I am using this:
>
> cache_peer xxx.xxx.xxx.xxx parent 3128 0 default

This seems to indicate that Squid is not passing authentication, which
would make it the last proxy in the chain, but ...

>
> never_direct allow all
> i use never_direct because if i don't use this i get the time-out message

...this indicates that Squid is having to use another proxy.

>
> this is working ok, now i want to make squid transparent but i can't,
> in my home i have a adsl internet connection and squid transparent,
> this computer is connected to a router so i have always internet, and
> y use squid with:
>  http_port xxx.xxx.xxx.xxx:3128 transparent
> and work ok, but when i use this rule behind NTML proxy doesn't work =(
>
>

The flow is a bit unclear to me.  If it goes like...

Client -> Squid -> NTLM Proxy

... then Squid can't be "transparent"*, as you can't mix interception
proxies and authentication**.  If the flow is like...

Client -> NTLM Proxy -> Squid

...then I don't see why it wouldn't work, assuming you have the
interception set up properly.

More information is needed, such as:

How doesn't it work when Squid is set up for interception?
How are you intercepting the traffic and sending it to Squid?
What does the flow actually look like?
Why do you need to set never_direct allow all?  That lends credence to
the "Client -> Squid -> NTLM" setup, which won't allow for interception.

Chris

*Unless your browser is set up to use a proxy and you are intercepting
the traffic intended for THAT proxy.  That might work.  The reasons for
doing such a thing escape me...
** Technically, you can't mix "HTTP proxy authentication" with an
interception proxy.  There are some clever hacks possible for
out-of-band authentication with a transparent setup.