Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 10 Jun 2002 15:08:53 -0700 (PDT)
From:      Jason Bertolacci <jbertolacci@yahoo.com>
To:        freebsd-questions@freebsd.org
Subject:   IPFW forwarding and transparent proxy trouble
Message-ID:  <20020610220853.85660.qmail@web21407.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help 
Having read the Squid FAQ and other documentation I
added the recommended config to a working proxy server
(Squid 2.4 and FreeBSD 4.6RC) in an attempt to get
transparent proxy working. The Squid machine works if
the client's proxy optoins are manually configured in
the client's browser but the transparent forwarding
does not seem to be working. The long story goes...

After configuring and compiling with
"--enable-ipf-transparent"  I added to squid.conf...

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_with_proxy on

And the following to rc.firewall...

[Cc][Aa][Cc][Hh][Ee])
        setup_loopback
        ${fwcmd} add pass all from any to any
        ${fwcmd} add fwd 127.0.0.1,3128 tcp from any
to any 80
        ;;

The Squid machine receives traffic forwarded from the
router but does not seem to deliver it to the proxy
port. I don't see any packets incrementing on the ipfw
add fwd rule -- is this normal?

00400 14596 3099647 allow ip from any to any
00500     0       0 fwd 127.0.0.1,3128 tcp from any to
any 80

And if I connect via telnet to port 80 on the Squid
server the connection is denied while if I connect to
3128 I get an error from Squid. The ipfw forwarding
does not seem to  be working...it is enabled in the
kernel:

options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #enable
logging to syslogd(8)
options         IPFIREWALL_FORWARD      #enable
transparent proxy support

Anyone have thoughts or suggestions? Thanks.

jason



__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020610220853.85660.qmail>