Transparent Squid 2.5Stable10 + FreeBSD 5.4

From: Ryan Rathje (mrsharky_at_iastate.edu)
Date: 06/22/05

    To: freebsd-net@freebsd.org
    Date: Wed, 22 Jun 2005 08:33:39 -0500 (CDT)
    
    

    Fooler,
      Thanks for the suggestion thus far, it did clear some up. When I use your
    suggestion of:

    ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via em0

    1 FreeBSD configured as a gateway with 2 nics
    sis0 - outside world nic
    em0 - internal network nic

    it appears to have some communication, but not all. Here's what I mean: This
    is the output from ethereal when trying to visit the google website:

    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
    216.239.39.99 -> 192.168.1.5 TCP http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
    192.168.1.5 -> 216.239.39.99 HTTP GET / HTTP/1.1
    216.239.39.99 -> 192.168.1.5 TCP http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=300 ack=2 win=17520 Len=0
    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [FIN, ACK] seq=300 ack=2 win=17520 Len=0
    216.239.39.99 -> 192.168.1.5 TCP http > 3694 [ACK] seq=2 ack=301 win=65534 Len=0

    As of right now, this is the only line in rc.conf, I know I need more (see
    below) but I'm starting to get a little confused about the order in which it's
    supposed to be listed. If it's not clear by now that I'm kind of new to Squid
    and FreeBSD, I'm stating it for the record, I'm a newbie. Thanks all in
    advance.

    > -----Original Message-----
    >
    > ipfw add allow all from any to 192.168.1.2 80
    > ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
    > ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv 192.168.1.2 xmit 129.186.215.57
    >
    > My gut feeling is it has something to do with my ipfw rules, any and ALL help
    > would get GREATLY appreciated. thanks

    yup your gut feeling is correct :->

    you don't need to enable IPFILTER if you use IPFW...

    your simple ipfw rule for transparent proxy looks like this:

    ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via <nic2 interface name>

    fooler.

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
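
One way to read the capture quoted in the message above, added here as an example and not part of the original thread: the script uses the relative seq/ack numbers to work out how many request bytes were acknowledged and how many reply bytes were sent before the first FIN. The function name `summarize` and the result keys are illustrative choices.

```python
import re

# Capture lines from the message above; the mail client's line wraps are rejoined.
CAPTURE = """\
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
192.168.1.5 -> 216.239.39.99 HTTP GET / HTTP/1.1
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=300 ack=2 win=17520 Len=0
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [FIN, ACK] seq=300 ack=2 win=17520 Len=0
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [ACK] seq=2 ack=301 win=65534 Len=0
"""

LINE = re.compile(r"(\S+) -> \S+ TCP \S+ > \S+ \[([^\]]+)\] seq=(\d+) ack=(\d+)")

def summarize(capture, client_ip):
    """Use relative seq/ack numbers to see who sent how much before the first FIN."""
    result = {"handshake": False, "request_bytes": 0,
              "response_bytes": None, "first_fin_from": None}
    steps = []  # (sender, flags) of the first three TCP segments
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # the "HTTP GET /" summary line carries no seq/ack fields
        sender = "client" if m.group(1) == client_ip else "server"
        flags = frozenset(f.strip() for f in m.group(2).split(","))
        seq, ack = int(m.group(3)), int(m.group(4))
        if len(steps) < 3:
            steps.append((sender, flags))
        if "FIN" in flags and result["first_fin_from"] is None:
            result["first_fin_from"] = sender
        if sender == "server" and "FIN" in flags and result["response_bytes"] is None:
            # The SYN occupies relative sequence number 0, so payload starts at 1.
            # Arithmetic holds when the server's FIN precedes the client's, as here.
            result["response_bytes"] = seq - 1
            result["request_bytes"] = ack - 1
    result["handshake"] = steps == [
        ("client", frozenset({"SYN"})),
        ("server", frozenset({"SYN", "ACK"})),
        ("client", frozenset({"ACK"}))]
    result["closed_without_reply"] = (
        result["handshake"] and result["request_bytes"] > 0
        and result["response_bytes"] == 0 and result["first_fin_from"] == "server")
    return result

if __name__ == "__main__":
    print(summarize(CAPTURE, "192.168.1.5"))
```

The trace alone does not identify which host produced the reply segments, because `fwd` leaves the packet's destination address unchanged.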

