[Chilli] Coovachilli and Squid Transparent on the same host
Germano Paciocco
germano.paciocco at gmail.com
Sun May 20 18:10:52 UTC 2012
First, many thanks for your precious support
/*Venkatesh K <kaevee at gmail.com>*/ wrote:
> 1. Setup Postauthproxy to IP address of eth0 and port 3128
You gave me an idea that made me save the day :)
First of all, I noticed that if I set up a IP adress on the physical
network interface eth0, once coovachilli starts and raises up tun0,
eth0 becomes unnumbered, so I was using the following interface file
(debian):
auto lo
iface lo inet loopback
# LAN
auto eth0
# WAN
allow-hotplug eth1
auto eth1
iface eth1 inet static
address 192.168.196.100
netmask 255.255.255.0
gateway 192.168.196.1
Now I set an address for the physical interface after having started
coovachilli:
# /etc/init.d/chilli starts && ifconfig eth0 172.16.0.1 netmask 255.255.255.0
and set Squid to listen on 172.16.0.1
http_port 172.16.0.1:3128 transparent
now it is working as I wanted... but I have to big doubt:
1) Maybe Squid does not work well when listening on the loopback?
It is a known issue?
2) Why coovachilli sets physical HS interface unnumbered?
Is there a way to avoid this, and so avoid manual set of IP address after
coovachilli start?
I think it shouldn't give security problem, because if a client sets an
eth0's class IP on his NIC (172.16.0.x in my case), he should not be able
to surf due the #8 rule of INPUT chain (see one of my other message).
--
GP
More information about the Chilli
mailing list