[Chilli] Coovachilli and Squid Transparent on the same host

Mohsen Saeedi mohsen.saeedi at gmail.com
Wed May 16 18:53:02 UTC 2012


I know coova works with pcap. and kmod-coova is in experimental state 
and it doesn't do anything now.

I have some idea. do can we replace pcap with pf_ring? pf_ring is very 
faster than pcap. I think 100 or 1000 times faster.

do coova uses pcap for forwarding traffic to squid? which library or 
technique it use to do this task.

Thanks


/*Venkatesh K <kaevee at gmail.com>*/ wrote on Thu, 17 May 2012 00:19:29 +0530:
> Hi you need to set
>
> HS_POSTAUTH_PROXY=<host or ip>
> HS_POSTAUTH_PROXYPORT=<port>
>
> I have't done any performance comparision with iptables forwarding. I 
> believe coova-chilli forwarding directly to proxy should not have any 
> performance impact. I could be wrong.
>
> Venkatesh. K
>
>
> On Thu, May 17, 2012 at 12:11 AM, Mohsen Saeedi 
> <mohsen.saeedi at gmail.com <mailto:mohsen.saeedi at gmail.com>> wrote:
>
>     Hi
>
>     Thanks. i'm going to set as you said. which parameter, should i
>     set on defaults config file for chilli?
>
>     Do you know about performance? do you compare proxy/port solution
>     with iptables rules solution?
>
>
>     Thanks
>
>
>     /*Venkatesh K <kaevee at gmail.com <mailto:kaevee at gmail.com>>*/ wrote
>     on Wed, 16 May 2012 23:31:00 +0530:
>
>         Hi,
>
>         You don't need to setup any iptables rules. As long as you
>         have configured Squid as transparent proxy and setup
>         proxy/port in Coova Chilli config, it will work. The proxy can
>         exist in same server.
>
>         Regards,
>
>         Venkatesh. K
>
>
>         On Wed, May 16, 2012 at 11:19 PM, Germano Paciocco
>         <germano.paciocco at gmail.com
>         <mailto:germano.paciocco at gmail.com>
>         <mailto:germano.paciocco at gmail.com
>         <mailto:germano.paciocco at gmail.com>>> wrote:
>
>            Hi all.
>            I'm tryng to setup a Coovachilli installation with the same
>         server
>            of a transparent squid proxy. I read this thread
>         http://lists.coova.org/pipermail/chilli/2010-April/001315.html,
>            and it reports that HS_POSTAUTH_PROXY and HS_POSTAUTH_PROXYPORT
>            are only for upstream (external?) proxies, is ti true? I
>         read that
>            in prior versions of Coovachilli there were HS_PROXY and
>            HS_PROXYPORT that maybe would have worked in my scenario:
>         are they
>            unsupported on later versions?
>
>            If firewall rules are the only solution, anyone can help me
>         with
>            iptables to do the same job? I need all traffic of
>         authenticated
>            session should pass through a squid proxy listening on
>            127.0.0.1... I tried some simple rule, and I can't get packets
>            forwarded to the listening proxy, that I checked working on
>            localhost:3128.
>
>            It seems that Daniel Berteaud, on the last post to the thread i
>            linked before, posted his script, but I can't find it attached!
>
>            Thank you very much... kind regards!
>
>            --     GP
>
>            _______________________________________________
>            Chilli mailing list
>         Chilli at coova.org <mailto:Chilli at coova.org>
>         <mailto:Chilli at coova.org <mailto:Chilli at coova.org>>
>         http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
>
>
>
>         _______________________________________________
>         Chilli mailing list
>         Chilli at coova.org <mailto:Chilli at coova.org>
>         http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>     _______________________________________________
>     Chilli mailing list
>     Chilli at coova.org <mailto:Chilli at coova.org>
>     http://lists.coova.org/cgi-bin/mailman/listinfo/chilli
>
>
>
>
> _______________________________________________
> Chilli mailing list
> Chilli at coova.org
> http://lists.coova.org/cgi-bin/mailman/listinfo/chilli


More information about the Chilli mailing list