Port forwarding on Windows / squid proxy

Solved
Fafoh Posted messages 17 Status Member
Hello hello,

I am currently working on a transparent proxy, that is to say it must be automatically recognized by clients (no browser configuration) and open source. At the moment I’m stuck at port redirection.

The machine runs Windows Server 2003 (the only non-open-source element) with Squid 2.7 Windows version and two network cards.

NAT between the cards works fine (RRAS) and Squid as well when I configure the client’s browser.

Since Squid isn’t supported for the “transparent” function, I need to do port redirection. The goal is to forward traffic coming from port 80 or 443 to port 3128.

Unfortunately I can’t find any OpenSource software capable of doing that.

For now the only thing that works is SoftPerfect Bandwidth Manager (very expensive license).

I’ve tried Netsh but it doesn’t seem to work (or maybe I’m doing it wrong…?).

So if anyone has a good idea I’m all ears.

Thank you.

5 answers

  1. kelux Posted messages 3065 Registration date   Status Contributor Last intervention   434
     
    Hello,

    Under normal circumstances it is the outgoing router that handles internal redirection to the proxy.

    The Proxy server can indeed have only one network card, and it is not necessarily a router.

    Other drawbacks of the transparent proxy:
    - It does not support user authentication.
    - Some software works very poorly through a proxy; with this method all traffic is forced to go through a proxy, whereas sometimes that isn’t necessary.

    Today with Active Directory it is much easier to configure clients' browsers (PAC file or hard-coded proxy).

    If the Windows 2003 server acts as an internet gateway, that is a very bad idea.

    A small example under 2003:
    http://www.rosscode.com/blog/index.php?title=port_forwarding_in_windows_2003&more=1&c=1&tb=1&pb=1

    --
    Using a registry "compactor" on top of a registry "cleaner" would be equivalent to rinsing your throat with a swig of Jack Daniels after swallowing a pint of snake oil....
    1
  2. Fafoh Posted messages 17 Status Member
     
    Thank you for your response, Kelux.

    The Tproxy is an exercise that I was given and I must necessarily do it on Windows with open-source software. Regarding one or more network cards, there isn’t really any instruction, but I’m not sure I’ll have access to the router.

    I just tested the link you sent me, but when I set 80 as the incoming port it tells me that it already exists and therefore doesn’t want to use it... any idea?
    0
  3. kelux Posted messages 3065 Registration date   Status Contributor Last intervention   434
     
    Modify the existing "Web HTTP" service; maybe that's why it tells you it already exists.

    0
  4. Fafoh Posted messages 17 Status Member
     
    Unfortunately, it’s grayed out, and apart from the IP I can’t modify or delete anything.
    0
  5. kelux Posted messages 3065 Registration date   Status Contributor Last intervention   434
     
    We need to scrape around that. The solution is right under your eyes. And I don’t have Win2003 with RRAS on hand to do it.

    Good luck.

    0
    1. Fafoh Posted messages 17 Status Member
       
      Okay. Thanks for your time =)
      I’ll post the solution if I find it.
      0