[squid-users] 'Intercept' option on Windows
Amos Jeffries
squid3 at treenet.co.nz
Mon May 8 06:35:42 UTC 2017
On 08/05/17 10:14, Tobias Tromm wrote:
>
> [Replying on correct topic (sorry)]
>
>
> I found a windows ipfw version here http://wipfw.sourceforge.net/ and
> here https://github.com/luigirizzo/dummynet
>
> So, if I install it on Windows, and do that
> http://wiki.squid-cache.org/ConfigExamples/Intercept/Ipfw should it work?
>
> Just to be clear, I don't want Windows doing the job of redirecting
> packets from 80 to 3129. I use iptables on dd-wrt for that (wifi guest
> only).
This is not possible without opening your entire network to invisible
attack through CVE-2009-0801
(<http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>).
NAT destroys the destination IP on the TCP packets. It has to be done on
the Squid machine.
Amos
More information about the squid-users
mailing list