On 10/9/07, Lars Noodin <[EMAIL PROTECTED]> wrote:
> Tony Bruguier wrote:
> ...
> > I would like to install an HTTP proxy.
> ...
>
> Squid is recommended. Read the directions carefully and you will have
> to make one or two changes to the configuration.
>
> Have squid listen localhost and then tunnel to get to it.
>
I make squid listen on 127.0.0.1 port 8080 in the squid configuration
file by editing
==============================
http_port 127.0.0.1:8080
===============================
the in pf.conf I use this redirection rule
=================================================================
rdr on $int_if proto tcp from any to any port 8080 -> 127.0.0.1 port 8080
=================================================================
Now people on the network will have to configure in their browser the
$int_if IP address and port 8080 for proxy settings.
this is O.K as long as the system is also doing nat proxying of http/htps
you could block nat proxying of http/https by adding the rule ( given
below ) before the above rule
================================================================
no nat on $ext_if from any to any port { 80, 443 }
================================================================
Feel free to ask if you have any doubts or if anything is not clear :-)
kind regards
Siju
