[Chilli] Squid transparent proxy on same server

Daniel Berteaud daniel at firewall-services.com
Thu Apr 22 17:25:45 UTC 2010


On Tuesday 20 April 2010 at 15:17 +1000, Jason Allen wrote:

> For the information of other (potential) users, I have not been able
> to get this to successfully work with the Squid proxy on the same server
> as chilli (ie. HS_POSTAUTH_PROXY = 127.0.0.1). I have confirmed, via
> lynx, that squid works fine for localhost/127.0.0.1 connections, but
> it does not work through chilli for chilli authenticated clients.
> 
> Debug logs showed redirection to squid, but according to squid logs it
> (squid) was not receiving the request.
> 
> Unfortunately, I'm not development minded enough to know what the
> problem is or might be. If anyone has it working in this scenario, I
> would like to hear from you if you're willing to provide some advice on
> your configuration.

Hi.

I had the exact same problem: running squid on the same server as
chilli. I solved it without the postauthproxy and postauthproxyport
which I think are only for an upstream proxy.

To let squid run on the same server without leaving it open to
unauthenticated clients, I used some conup/condown scripts, which insert
the correct rules in iptables (the default being to deny squid access
for everyone). I attach those I use as an example (of course, you'll have
to adapt them to your environment. In mine, all the traffic to/from
chilli is sent to some special chains called FORWARD_FROM_CHILLI,
FORWARD_TO_CHILLI, PREROUTING_FROM_CHILLI etc...).

In my scripts I also have some special settings for the distribution that
I use (SME Server), you can skip them of course (all the db configuration
getprop etc...).

Oh, and one last thing, if you run chilli with reduced privileges, you
should call these scripts with some other wrapper scripts which use
sudo.

Regards, Daniel

> 
> 
> Thanks.
> 
> -- 
> Cheers,
> Jason
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli

-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Société de Services en Logiciels Libres
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: daniel at firewall-services.com
Web : http://www.firewall-services.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: condown.sh
Type: application/x-shellscript
Size: 523 bytes
Desc: not available
URL: <http://lists.coova.org/pipermail/chilli/attachments/20100422/bb15e082/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: conup.sh
Type: application/x-shellscript
Size: 549 bytes
Desc: not available
URL: <http://lists.coova.org/pipermail/chilli/attachments/20100422/bb15e082/attachment-0001.bin>
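
The two attachments were scrubbed from the archive. The following is an added example of the approach the message describes, not the author's scripts: a per-client iptables rule pair inserted on connection and removed on disconnection, called as `up` from conup and `down` from condown. The `FRAMED_IP_ADDRESS` variable, squid port 3128 and the `SQUID_FROM_CHILLI` chain are assumptions; only `PREROUTING_FROM_CHILLI` is named in the message.

```shell
#!/bin/sh
# Added example: one script used as conup ("up") and condown ("down").
# Assumptions, not from the original post: chilli exports the client
# address as FRAMED_IP_ADDRESS; squid intercepts on port 3128;
# SQUID_FROM_CHILLI is a hypothetical filter chain, reached from INPUT,
# where port 3128 is dropped unless a rule below accepts the client.
SQUID_PORT=3128

# Dry run by default: print each command. APPLY=1 (as root) executes it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Accept only a dotted-quad IPv4 address. The script ends up running
# under sudo, so no environment value reaches iptables unchecked.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = up|down, $2 = client IP. -I on connect, -D on disconnect, with
# identical rule specs so the delete matches what was inserted.
squid_rules() {
    case "$1" in
        up)   op=-I ;;
        down) op=-D ;;
        *)    return 2 ;;
    esac
    valid_ipv4 "$2" || return 3
    # Divert the client's port-80 traffic to the local squid.
    run iptables -t nat "$op" PREROUTING_FROM_CHILLI -s "$2" -p tcp \
        --dport 80 -j REDIRECT --to-ports "$SQUID_PORT" || return 1
    # Open squid's port to this authenticated client only.
    run iptables "$op" SQUID_FROM_CHILLI -s "$2" -p tcp \
        --dport "$SQUID_PORT" -j ACCEPT
}

if [ -n "${1:-}" ] && [ -n "${FRAMED_IP_ADDRESS:-}" ]; then
    squid_rules "$1" "$FRAMED_IP_ADDRESS" || exit 1
fi
```

When the sudo wrapper passes the environment through, restrict the sudoers entry to this one script and preserve only the variable it reads.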

