Subject: Re: The right proxy server
To: Sam Carleton <>
From: Cy Schubert - ITSD Open Systems Group <>
List: tech-security
Date: 07/22/2001 20:36:07
In message <>, Sam Carleton writes:
> Folks,
> I would like to setup a proxy server for FTP and HTTP, what do folks
> recommend?

Squid has a transparent HTTP and FTP proxy mode which is specified at 
configuration time, prior to build.  On my firewall here at home, I 
have the following ipnat.conf statements:

rdr ed0  !from X.X.X.X to any port = 80 ->  port 3128 tcp
rdr ed1  !from X.X.X.X to any port = 80 ->  port 3128 tcp


ed0 and ed1 are internal interfaces on my two internal networks.  dc0 
is my external interface.  tun3 is an IPSec VPN to the office using 
pipsecd, which is virtually an external interface when viewed in 
perspective from my network at home.

From a previous note today, IIRC your external interface is iy0 and 
your internal interface is ex0.  As you probably don't have the issues 
that I'm circumventing, your rdr statement would be simpler than mine 
and look like,

rdr ex0  0/0 port 80 ->  port 3128 tcp

... that's right, the rdr must be specified on your internal interface 
because that is where you need intercept your web traffic to redirect 
to Squid.

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:
Open Systems Group, ITSD, ISTA
Province of BC