From: Alan Garfield
To: Cezar Fistik
Cc: freebsd-questions@freebsd.org
Date: Wed, 07 Dec 2005 14:46:41 +1100
Subject: Re: FreeBSD 6.x / GRE / WCCP / Squid

On Wed, 2005-12-07 at 08:32 +1100, Alan Garfield wrote:
> > I mean setting up the host explicitly to use the proxy? I don't
> > remember precisely, I did it a long ago, but I think you should use
> > wccp version 2 in order to run wccp with squid.
>
> I've not tried version 2, but I will try it now.

Okay, Squid doesn't support WCCP version 2. So I decided to try to use a route-map redirector to see if it was something else causing the issue.

Now I have tried two ways and I'm seeing the exact same problem.

Firstly I tried :-

kern conf
---------
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_FORWARD

ipfw conf
---------
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

I see the packets hitting fxp0 correctly and I see the forward rules, but nothing appears in tcpdump for lo0 nor does squid see anything either.

So secondly I tried to use IP Filter instead. I removed all the IPFIREWALL stuff from the kernel and I set up ipf as follows :-

ipnat.rules
----------
rdr fxp0 0/0 port 80 -> 127.0.0.1 port 3128 tcp

Now I can see the transactions when I do 'ipnat -s' but still nothing appears on the lo0.

I have ip forwarding turned on and the machine is acting as a gateway. The only thing I can think of is the packets are from a private IP range and the proxy server is in a routable IP range in my DMZ. But if that were a problem why do I see the packets hitting the forwarding rules but never coming out the other side?

Any help would be appreciated.

Thanks,
Alan.