[squid-users] 'Intercept' option on Windows

Amos Jeffries squid3 at treenet.co.nz
Mon May 8 06:35:42 UTC 2017


On 08/05/17 10:14, Tobias Tromm wrote:
>
> [Replying on correct topic (sorry)]
>
>
> I found a windows ipfw version here http://wipfw.sourceforge.net/ and 
> here https://github.com/luigirizzo/dummynet
>
> So, if I install it on Windows, and do that 
> http://wiki.squid-cache.org/ConfigExamples/Intercept/Ipfw should it work?
>
> Just to be clear, I don't want Windows doing the job of redirecting 
> packets from 80 to 3129. I use iptables on dd-wrt for that (wifi guest 
> only).

This is not possible without opening your entire network to invisible 
attack through CVE-2009-0801 
(<http://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery>).

NAT destroys the destination IP on the TCP packets. It has to be done on 
the Squid machine.

Amos



More information about the squid-users mailing list