[squid-dev] Squid on Windows

Amos Jeffries squid3 at treenet.co.nz
Tue Jan 9 05:11:15 UTC 2018


On 09/01/18 15:56, Lei Wen wrote:
> Hi everyone,
> 
> This is Lei Wen, I am from Microsoft Azure team.
> 
> We are seeking a solution about on host transparent proxy for containers 
> with Squid on Windows.
> 
> We already tried Linux and by using iptables traffic can be redirected 
> to squid port(e.x. 3128).
> 
> We want to know what do we need do to enable transparent proxy on Squid 
> side on Windows Like on the Linux, --enable-linux-netfilter enables 
> transparent proxy.

Hi Lei,

For NAT interception, Squid needs an interface from the OS to lookup NAT 
table mappings given either the accept() provided IP:port pair(s) and/or 
the socket handle. The API needs to provide the original dst-IP:port 
details the client used prior to the NAT alterations.

As far as I/we have been able to tell so far Windows does not provide 
any such interface for use by applications running in user-space like 
Squid. Once an interface is found or created adding a lookup function to 
Squid using the API should be fairly simple.

There have been several attempts that I'm aware of to create custom 
network drivers for Windows. But those turned out to be very much too 
slow and required asynchronous operations inside the preferrably 
synchronous NAT lookup.


An alternative API to look for is TPROXY. But, I've not seen or heard of 
anything like that either for Windows.


Amos Jeffries
The Squid Software Foundation


More information about the squid-dev mailing list