transparent Squid 2.5Stable10 + FreeBSD 5.3
From: Ryan Rathje (mrsharky_at_iastate.edu)
Date: 06/20/05
- Previous message: FreeBSD bugmaster: "Current problem reports assigned to you"
- Next in thread: Edwin Groothuis: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Reply: Edwin Groothuis: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Reply: eculp_at_bafirst.com: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Reply: fooler: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: freebsd-net@freebsd.org Date: Mon, 20 Jun 2005 10:40:50 -0500 (CDT)
Here's my FreeBSD setup
Nic1 -> outside (123.456.789.10)
Nic2 -> internal (192.168.1.2)
Here's my client Win2k setup
IP: 192.168.1.5
MASK: 255.255.255.0
GW: 192.168.1.2
-------------------------------------
I have FreeBSD 5.3 installed with the modified kernel options
options IPFILTER
options IPFILTER_LOG
options NMBCLUSTERS=32768
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_DEFAULT_TO_ACCEPT
in a machine with 2 NICS ( NIC1 -> outside work; NIC2 -> interal network
(192.168.1.2). I configured Squid with the ARG --enable-ipf-transparent, and
ths is what my options (/var/db/ports/squid/) file looks like for configuring Squid:
# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for squid-2.5.10_1
_OPTIONS_READ=squid-2.5.10_1
WITHOUT_SQUID_LDAP_AUTH=true
WITHOUT_SQUID_DELAY_POOLS=true
WITHOUT_SQUID_SNMP=true
WITHOUT_SQUID_CARP=true
WITHOUT_SQUID_SSL=true
WITH_SQUID_PINGER=true
WITHOUT_SQUID_DNS_HELPER=true
WITHOUT_SQUID_HTCP=true
WITHOUT_SQUID_VIA_DB=true
WITHOUT_SQUID_CACHE_DIGESTS=true
WITH_SQUID_WCCP=true
WITH_SQUID_UNDERSCORES=true
WITH_SQUID_CHECK_HOSTNAME=true
WITHOUT_SQUID_STRICT_HTTP=true
WITH_SQUID_IDENT=true
WITHOUT_SQUID_USERAGENT_LOG=true
WITHOUT_SQUID_ARP_ACL=true
WITHOUT_SQUID_PF=true
WITH_SQUID_IPFILTER=true
WITH_SQUID_FOLLOW_XFF=true
WITHOUT_SQUID_AUFS=true
WITHOUT_SQUID_COSS=true
WITHOUT_SQUID_LARGEFILE=true
WITHOUT_SQUID_STACKTRACES=true
WITH_SQUID_RCNG=true
In the squid.conf file I've made (what I think) are the appropriate changes:
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
and lastly, this is what my rc.conf looks like:
hostname="Gohan"
squid_enable="YES"
firewall_enable="YES"
firewall_type="open"
firewall_quiet="NO"
firewall_logging="YES"
# IPFILTER enabled
ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipfw add allow all from any to 192.168.1.2 80
ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv
192.168.1.2 xmit 129.186.215.57
---------------------------------------------------------
I ran ethereal on the client machine (192.168.1.5) that is behind Squid, and it
appears that the client hits the 192.168.1.2 but doesn't forward it onto the
Squird proxy, therefor never reaching the outside world. I get the normal "Page
can not be displayed" message on the client. I would have thought that if it
was hitting the Squid it would give a Squid error message.
My gut feeling is it has something to do with my ipfw rules, any and ALL help
would get GREATLY appreciated. thanks
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: FreeBSD bugmaster: "Current problem reports assigned to you"
- Next in thread: Edwin Groothuis: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Reply: Edwin Groothuis: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Reply: eculp_at_bafirst.com: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Reply: fooler: "Re: transparent Squid 2.5Stable10 + FreeBSD 5.3"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
