[squid-users] (possibly dynamic?) multiple port forwarding in the same internal Network ...

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue May 25 13:08:10 UTC 2021


On 25.05.21 01:51, Albretch Mueller wrote:
>Subject: [squid-users] (possibly dynamic?) multiple port forwarding in the
> same internal Network ...

> As part of a teaching and learning (TaL)/school software, I need squid:

first, I'd like to note that squid is an HTTP/FTP proxy, not a port
forwarder (see Subject)

> a) to detect one of the connected computers in an internal network
>comprising wirelessly connected and wired computers as the "master"
>(operated by the teacher);

> b) when that master reaches out to an outside URL, the response should
>be replicated in that master's and all other internal computers; but

squid also does not actively distribute content.
It can fetch and cache it, but the rest is on you.

and according to your description, most of the work is on you.

> c) responses to requests originating in the non master ("slave"?)
>ends, return to their corresponding ends;
>
> d) at times the master should be able to switch off that replicating feature;
>
> e) more than one or all computers should be able to play "master";
>
> f) all other "slave" should operate in a "transparent proxy" mode;

> g) on a single computer, someone could use different
>browsers/versions to do a-f ...
>
> I have seen that partially implemented one way or the other, however
>I need to integrate/manage all parts as part of an integrated whole.
>
> I could imagine these kinds of setups being used in TaL and
>conferencing environments, as well as in testing environments and, for
>example, §a could be achieved with the mac address and/or cookies, but
>someone could run macchanger and delete all cookies in their browser,
>so an extra authentication barrier should be used, which I see as the
>only foolproof way to set up and know who the masters are, or? How
>could I disable slave ends from authenticating? I am not a networking
>kind of guy, so I am not quite sure about the kind of scenarios that
>could play out in those kinds of dynamic "master"/"slaves" setups.
>
> Probably, all the functional requirements relating to what I have
>described cannot straightforwardly be done with squid, but there should
>be a way to use other applications' output to dynamically reconfigure:
>
> /etc/squid/squid.conf
>
> So, my questions could be reduced to: which exactly are the
>configuration lines that should be changed in both squid and the
>browsers on the connected computers or the different browsers in the
>same computer?

this apparently means that all squid caches running on their machines will
transparently intercept outgoing port 80 connections. Should be easier on
the local machine.

https://wiki.squid-cache.org/SquidFaq/InterceptionProxy

note that intercepting HTTPS (port 443) involves much more work and more
issues than port 80 (http).

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.

