Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 07 Dec 2005 14:46:41 +1100
From:      Alan Garfield <alan@fromorbit.com>
To:        Cezar Fistik <cezar@arax.md>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD 6.x / GRE / WCCP / Squid
Message-ID:  <1133927201.2808.50.camel@random.fromorbit.com>
In-Reply-To: <1133904749.2808.7.camel@random.fromorbit.com>
References:  <1133825473.2882.22.camel@random.fromorbit.com> <1824312479.20051206194833@arax.md> <1133904749.2808.7.camel@random.fromorbit.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 2005-12-07 at 08:32 +1100, Alan Garfield wrote:

> > I mean setting up the host explicitly to use the proxy? I don't
> > remember precisely, I did it a long ago, but I think you should use
> > wccp version 2 in order to run wccp with squid.
> 
> I've not tried version 2, but I will try it now.

Okay, Squid doesn't support WCCP version 2. So I decided to try to use a
route-map redirector to see if it was something else causing the issue.

Now I've have tried two was and I'm seeing the exact same problem.
Firstly I tried :-

kern conf
---------

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD

ipfw conf
---------

ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80


I see the packets hitting fxp0 correctly and I see the forward rules,
but nothing appears in tcpdump for lo0 nor does squid see anything
either.

So secondly I tried to us IP Filter instead. I removed all the
IPFIREWALL stuff from the kernel and I setup ipf as follows :-

ipnat.rules
----------

rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp


Now I can see the transactions when I do 'ipnat -s' but still nothing
appears on the lo0. I have ip forwarding turned on and the machine is
acting as a gateway.

The only thing I can think of is the packets are from a private IP range
and the proxy server is in a routable IP range in my DMZ. But if that
where a problem why do I see the packets hitting the forwarding rules
but never coming out the otherside?

Any help would be appreciated.

Thanks,
Alan.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1133927201.2808.50.camel>