[squid-users] Transparent Proxy in AWS

Jason Haar jason_haar at trimble.com
Thu Jan 12 00:39:28 UTC 2017


On Fri, Dec 2, 2016 at 6:27 AM, klops <lo.kenneth at gmail.com> wrote:

> Does this mean the squid box has to be the overall gateway for the internal
> network for transparency to work?
>
> The reason the proposed setup is the way it is is that the AWS VPC service has
> a service-based NAT gateway which we have no low-level control over and it
> is the default gateway. We want to only route http/https traffic over to
> squid and the rest via their NAT gateway.
>

Couldn't you configure those VPC networks so that the AWS default route is
dead by blocking all outbound (i.e. of no usable value to the EC2 hosts) and
tell the EC2 hosts' owners to change their boot scripts to delete the
default gateway and replace it with your squid router (which does have
Internet access)? That way you are "regaining control" of your network, and
EC2 owners are "motivated" to Do The Right Thing :-)

Then there'd be no need for iptables tricks on the clients. It also means you
could apply this to Windows EC2 systems too.

I'm not an AWS guru so I have no idea if that works. I'm assuming a VPC is
like a VLAN.

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
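The boot-script idea above, as an added illustration that is not part of the thread and not Squid project code: a POSIX sh script a Linux EC2 host could run at boot to swap the VPC-supplied default gateway for the Squid instance. The Squid address (10.0.1.10), the interface name (eth0) and the script name are assumed placeholders; `ip route replace` is used rather than `add` so the AWS gateway entry is overwritten instead of left alongside. For this to forward traffic at all, the Squid instance itself needs source/destination checking disabled on its network interface, and its own default route must still point at the VPC's NAT gateway, otherwise its outbound packets loop back to itself.

```shell
#!/bin/sh
# Added example boot script (not from the thread): make the Squid instance the
# default gateway of this EC2 host.  Placeholder values, override via env:
#   SQUID_GW - private IP of the Squid instance in the same subnet (assumed)
#   IFACE    - primary interface of this host (assumed)
#   DRY_RUN  - 1 prints the commands instead of running them

SQUID_GW="${SQUID_GW:-10.0.1.10}"
IFACE="${IFACE:-eth0}"
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or just print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Refuse to touch the routing table unless the gateway looks like an IPv4 address.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Replace (not add) the default route so the AWS-supplied gateway disappears.
set_squid_default_route() {
    gw="$1"; dev="$2"
    valid_ipv4 "$gw" || { echo "invalid gateway address: $gw" >&2; return 1; }
    run ip route replace default via "$gw" dev "$dev"
}

# Check the live routing table actually points at Squid afterwards.
default_route_is() {
    ip route show default 2>/dev/null | grep -q "via $1 "
}

main() {
    set_squid_default_route "$SQUID_GW" "$IFACE" || return 1
    if default_route_is "$SQUID_GW"; then
        echo "default route now via Squid at $SQUID_GW"
    else
        echo "default route is not via $SQUID_GW; check SQUID_GW and IFACE" >&2
        return 1
    fi
}

# Only change routes when explicitly asked: sh squid-gateway.sh apply
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Run with `DRY_RUN=1 sh squid-gateway.sh apply` first to see the exact `ip route` command it would issue. The script covers only the client side of the suggestion; the Squid instance still needs its interception listener and NAT rules configured, and the AWS-side blocking of the original default route is done in the VPC's security groups or network ACLs, not on the hosts.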