Date: Sat, 20 Aug 2005 04:28:24 +0200
From: Daniel Hartmeier <daniel@benzedrine.cx>
To: sephiroth <sephiroths@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: Bypass transparent proxy
Message-ID: <20050820022824.GC31370@insomnia.benzedrine.cx>
In-Reply-To: <4306DCFB.1070200@gmail.com>
References: <4306DCFB.1070200@gmail.com>

On Sat, Aug 20, 2005 at 02:34:19PM +0700, sephiroth wrote:

> I have a question about transparent proxy. I read the manual in
> http://benzedrin.cx about transparent proxy with squid. I have a network
> with 20 clients connected to the internet and I have implemented that manual in
> my server. I want my clients to only use the proxy in my server. My question is
> why the clients can still bypass my proxy using another anonymous proxy.

If a client tries to reach another (external) proxy through port 80, it
won't bypass your proxy. In this case, the HTTP connection will pass
through the chain of your proxy (first) and then the external one. This
is not considered bypassing :)

A client might use an external proxy using a different port (not 80), in
which case the pf rdr rule will simply not apply and won't redirect
through your proxy. If that's what you want to prevent, you'll have to
either

  a) block all connections to ports other than 80 or
  b) redirect connections to ANY port to your proxy, i.e. remove the
     'port www' part of the 'rdr' rule

Either of those will obviously break connections used for other
applications and protocols.

Daniel

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050820022824.GC31370>
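
The two options from the reply above, written out as a pf.conf fragment. This is an added example, not part of the original message or of the benzedrine.cx guide; the interface name and the Squid listener at 127.0.0.1 port 3128 are assumptions.

```conf
# Constructed example. The interface name and the Squid listener
# address/port are assumptions, not values from the thread.
int_if = "fxp1"          # LAN-facing interface (assumed name)

# --- Translation rules ---

# Baseline discussed in the thread: only TCP port 80 ("port www") is
# redirected to the local proxy. A connection from a client to any
# other destination port does not match and is forwarded untouched.
rdr on $int_if inet proto tcp from any to any port www -> 127.0.0.1 port 3128

# Option (b): remove the "port www" part so that TCP to ANY port is
# redirected to the proxy. Load this INSTEAD of the rule above.
# Non-HTTP traffic then arrives at the proxy and fails there, which
# is the breakage the reply warns about.
# rdr on $int_if inet proto tcp from any to any -> 127.0.0.1 port 3128

# --- Filter rules ---

# Option (a): block TCP from the LAN to everything except what was
# redirected. pf translates before it filters, so a redirected
# port-80 connection is seen here with destination 127.0.0.1:3128.
# Without "quick" the last matching rule wins: redirected traffic
# matches the pass rule, everything else stays blocked.
# Only TCP is covered; other protocols need their own rules.
block in on $int_if inet proto tcp from any to any
pass  in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
```

Running `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -s nat` lists the translation rules that are currently active.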