Re: Squid proxy 2.6 with FreeBSD 6.2



I am using two different servers. One is running under Linux and using
iptables, from which I want to forward HTTP traffic to the FreeBSD box where
I am running the Squid proxy and want to make it run as a transparent proxy.
The problem is that the FreeBSD box is not working as a transparent proxy in
this scenario. It seems that the Squid proxy server on the FreeBSD box doesn't
see the packets forwarded to it through the Linux server.

Any suggestion?


On 9/12/07, Andrew Pantyukhin <infofarmer@xxxxxxxxxxx> wrote:

On Tue, Sep 11, 2007 at 05:23:28PM +0600, Anwarul Mamun wrote:
Hi All!

I have a Linux gateway server (using iptables on this) where my clients hit
first. I want to direct the HTTP traffic to the proxy server based on
FreeBSD (I mean transparent proxy). I am using FreeBSD 6.2 and Squid proxy
2.6. I have directed the HTTP traffic from my Linux gateway server to the
proxy server on FreeBSD as below, but the transparent proxying does not
work. Has anyone worked with transparent proxy issues on FreeBSD 6.2 who
may suggest something in this case?


/sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 80 -j DNAT --to 172.16.3.1:8080
/sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 8080 -j DNAT --to 172.16.3.1:8080

Assuming your squid config is right, you should stop modifying
packets (with little knowledge of iptables, I think -j DNAT --to
... does that). If you manage to reroute unmodified packets to
the FreeBSD box, you'll need something like this to set up its
ipfw:

$cmd add 100 fwd 127.0.0.1,3128 \
    proto tcp src-ip $lan_local not src-ip me not dst-ip me \
    dst-port $http_ports
$cmd add 200 allow via lo0
$cmd add 500 deny dst-ip me dst-port 3128 not src-ip $lan_local

_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"
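
The reply above recommends delivering unmodified packets to the FreeBSD box instead of rewriting them with DNAT. One way to do that on the Linux gateway is policy routing, sketched here as an added example that is not from the thread; the mark value, routing table number, function names, and the assumption that 172.16.3.1 is a directly connected next hop of the gateway are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: route client HTTP to the Squid box
# unmodified (policy routing) instead of rewriting it with DNAT.
# Assumptions: 172.16.3.1 is a directly connected next hop of the gateway;
# mark 1 and routing table 100 are unused; function names are hypothetical.
LAN_NET="192.168.40.0/24"   # client network (from the thread)
SQUID_BOX="172.16.3.1"      # FreeBSD Squid host (from the thread)
FWMARK=1                    # assumed free firewall mark
RT_TABLE=100                # assumed free routing table number

# Commands that delete the two DNAT rules quoted in the thread.
dnat_removal_cmds() {
    for port in 80 8080; do
        echo "iptables -t nat -D PREROUTING -s $LAN_NET -p tcp --dport $port -j DNAT --to $SQUID_BOX:8080"
    done
}

# Commands that steer port-80 traffic to the Squid box without touching
# the destination address, so ipfw there still sees the original dst-port.
policy_route_cmds() {
    echo "iptables -t mangle -A PREROUTING -s $LAN_NET -p tcp --dport 80 -j MARK --set-mark $FWMARK"
    echo "ip rule add fwmark $FWMARK table $RT_TABLE"
    echo "ip route add default via $SQUID_BOX table $RT_TABLE"
}

# Dry run by default (prints "+ cmd"); APPLY=1 executes each command as root.
run_cmds() {
    while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || return 1
        else
            echo "+ $cmd"
        fi
    done
}

apply_all() { { dnat_removal_cmds; policy_route_cmds; } | run_cmds; }

apply_all
```

On the FreeBSD 6.2 side, the ipfw fwd rule requires a kernel built with options IPFIREWALL_FORWARD, and Squid 2.6 needs the transparent flag on its http_port line.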


