In transparent mode, there are no special configuration steps needed to setup client browsers, thus allowing the proxy service to be activated and in-use almost immediately. Once activated, all traffic destined for the Internet arriving on port 80 and port 443 (optional) is automatically redirected through the proxy.
Both transparent and non-transparent proxying can be used together at the same time. Enabling transparent does not stop non-transparent from working. In situations where transparent is the norm but a specific application requires non-transparent you can simply configure the proxy settings in that application.
NOTE: Transparent proxy only intercepts traffic for TCP port 80 and 443. Traffic going to non-standard ports is not intercepted.
Non-Transparent Proxy
The main reason to use a non-transparent proxy is so that the web browser and other client applications know that a proxy is being used, and so can act accordingly. Initial configuration of a non-transparent proxy might be trickier, but ultimately provides a much more powerful and flexible proxying service. Spyware and worms that use the web for transmission may not be able to function because proxy settings are unknown. This can reduce the spread of malicious software and prevent bandwidth from being wasted by infected systems.
Configuring Proxy Settings
When using non-transparent proxying, appropriate proxy settings must be configured on client machines and browsers. This can be achieved in a number of different ways:
-
Manually
Proxy settings can be entered manually in most web browsers and web-enabled applications. Usually such settings are entered as part of the application's Connection Settings or similar. The address of the proxy is required, along with the proxy port number. These settings are displayed on the Web proxy Settings page, see our help topic, Configuring the web proxy. -
Automatic configuration script
The Smoothwall proxy provides aproxy.pac
file that can be used to automatically configure proxy settings in most Internet browsers. To use the automatic configuration script, see our help topic, Configuring the web proxy with proxy auto-config (PAC) scripts. -
Microsoft Windows 2000 domain
In a Windows 2000+ domain, proxy settings can be configured in the domain security policy. This eliminates the need to manually configure any part of the users system. -
Automatic discovery
Many browsers support automatic discovery of proxy settings using the WPAD (Web Proxy Auto-Discovery) protocol. This is relatively easy to configure if you have a local DNS server. Using DHCP to distribute proxy settings - DHCP can also be used to set proxy settings. That might be a better method than using security policies. Currently the DHCP server on the Smoothwall firewalls cannot be used for giving outproxy.pac
locations. -
Microsoft Windows login script
The Windows login script can be used to import a registry file which will automatically configure the system wide proxy settings. -
.ini
files
Browsers like Firefox can be configured automatically with ini files. Such files could be copied or modified as part of the login script on a Microsoft Windows or Linux network. -
Third party solutions
Third party applications are available for Windows which can, at login, automatically configure web browser proxy settings. These range from simple programs designed specifically to automate proxy configuration, or more sophisticated applications that provide a range of services such as monitoring the user's desktop.
Transparent Proxying
When minimal or no network configuration is required. Transparent proxying can be useful in mixed environments containing Unix, Linux, Apple Mac and Microsoft Windows systems. This allows quick access to the web proxy for everyone, without having to configure a multitude of different platform specific applications and browsers.