Can Bandwidth Throttling by Transparent Squid be escaped by Anonymizer Proxies?



  • Hi,

    We want to get rid of managing bandwidth by HTB and use a pfSense box where we'll enable transparent proxy and do throttling only for downloads. Can users inside the LAN use anonymizer or open proxies to work around the transparent proxy? Or is it the case that Squid will anyway catch the traffic and apply throttling?



  • http://openproxy.com:8080 <- port not included on redirect rules. Definitely will bypass your proxy. You should redirect all open proxy ports into your squid.



  • Can you explain how to add additional ports to the transparent redirect rules?



  • squid.inc would look like this, where the second line with port 8080 is added:

    $rules .= "rdr on $iface proto tcp from any to !($iface) port 80 -> 127.0.0.1 port 80\n";
    $rules .= "rdr on $iface proto tcp from any to !($iface) port 8080 -> 127.0.0.1 port 80\n";
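
The thread's point is that the transparent redirect only catches the destination ports named in the `rdr` rules. As an added example (not code from the thread or from pfSense), this Python audit parses rules in the shape shown above and lists LAN flows that Squid never sees, and so never throttles; the interface name `em1`, the flow tuples and all addresses are constructed sample data.

```python
import re

# Matches the rdr form used in the post: "... port <dst> -> <addr> port <proxy>".
# A brace list such as "{ 80, 8080 }" is accepted; port ranges are ignored.
RDR_RE = re.compile(
    r"^rdr on (?P<iface>\S+) proto tcp from any to \S+ "
    r"port (?P<ports>\{[^}]*\}|\S+) -> (?P<target>\S+) port (?P<tport>\d+)$"
)

def redirected_ports(ruleset):
    """Return {interface: set of destination ports redirected to the proxy}."""
    covered = {}
    for line in ruleset.splitlines():
        m = RDR_RE.match(line.strip())
        if not m:
            continue
        ports = m.group("ports").strip("{} ")
        for p in re.split(r"[,\s]+", ports):
            if p.isdigit():
                covered.setdefault(m.group("iface"), set()).add(int(p))
    return covered

def unproxied_flows(ruleset, flows):
    """Flows (iface, src, dst, dport) whose dport no rdr rule on that interface covers."""
    covered = redirected_ports(ruleset)
    return [f for f in flows if f[3] not in covered.get(f[0], set())]

# Constructed ruleset in the shape squid.inc emits, with $iface expanded to em1.
RULES = """\
rdr on em1 proto tcp from any to !(em1) port 80 -> 127.0.0.1 port 80
rdr on em1 proto tcp from any to !(em1) port 8080 -> 127.0.0.1 port 80
"""

# Constructed outbound TCP flows from the LAN (documentation address ranges).
FLOWS = [
    ("em1", "192.168.1.20", "203.0.113.10", 80),
    ("em1", "192.168.1.21", "203.0.113.44", 8080),
    ("em1", "192.168.1.22", "198.51.100.7", 3128),
    ("em1", "192.168.1.23", "198.51.100.9", 443),
]

if __name__ == "__main__":
    print("redirected:", redirected_ports(RULES))
    for flow in unproxied_flows(RULES, FLOWS):
        print("not seen by Squid:", flow)
```

Run against real firewall state or flow exports, the same comparison shows which destination ports still leave the LAN outside the proxy after each rule change.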
    
