From: John Hay
Message-Id: <200208301001.g7UA179Z055975@zibbi.icomtek.csir.co.za>
Subject: Re: Transpanent SQUID proxy
In-Reply-To: <20020830112541.G7671-100000@spider.suxx.eu.org> from David Delibasic at "Aug 30, 2002 11:46:16 am"
To: maddave@suxx.eu.org (David Delibasic)
Date: Fri, 30 Aug 2002 12:01:07 +0200 (SAT)
Cc: freebsd-net@FreeBSD.ORG

> Has anyone successfully configured transparent www squid proxy on another
> machine? I've tried `ipfw add fwd 10.0.0.4,3128 tcp from 10.0.0.0/24 to
> any 80` and this seems not to work, because ipfw does not alter package
> header and therefore it's not processed by my squid server (10.0.0.4).
> I've also tried `ipfw add divert 8669 tcp from 0.0.0.0/24 to any 80` and
> running `/sbin/natd -p 8669 -a 10.0.0.1 -proxy_only -proxy_rule
> encode_tcp_stream port 80 server 10.0.0.4:3128` but this also doesn't
> work.
>
> So, my question is: How to make it work?

You need to tell the proxy machine to accept it. If it is a FreeBSD box,
just use ipfw fwd on it too. On my router I use something like this:

    add fwd 10.10.8.10 tcp from 10.10.0.0/16 to not 10.10.0.0/16 80

and on the proxy I use

    add allow tcp from 10.10.8.10 to any
    add 10100 fwd 127.0.0.1,3128 tcp from any to any 80

Where 10.10.8.10 is my proxy IP address and 10.10.0.0/16 is our network
address/mask. The proxy is on one of the subnets directly connected to
the router.

John
-- 
John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org
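
Added example, not part of the message above and not FreeBSD code: a simplified Python model of first-match ipfw evaluation, covering only the rule forms quoted in the reply. It shows that fwd selects a next hop while the packet's addresses stay as sent, which is why the proxy box needs its own fwd rule. The client 10.10.3.7 and destination 203.0.113.80 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Rule bodies from the reply, minus the leading "add" and rule number.
ROUTER = ["fwd 10.10.8.10 tcp from 10.10.0.0/16 to not 10.10.0.0/16 80"]
PROXY = ["allow tcp from 10.10.8.10 to any",
         "fwd 127.0.0.1,3128 tcp from any to any 80"]

def addr_match(spec, addr):
    """True if addr is covered by spec ('any', a single host, or a CIDR)."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def parse(rule):
    """Parse only the forms used above: ACTION [TARGET] tcp from SRC to [not] DST [PORT]."""
    t = rule.split()
    target = t[1] if t[0] == "fwd" else None
    src, rest = t[t.index("from") + 1], t[t.index("to") + 1:]
    negate = rest[0] == "not"
    rest = rest[1:] if negate else rest
    port = int(rest[1]) if len(rest) > 1 else None
    return {"action": t[0], "target": target, "src": src,
            "dst": rest[0], "negate": negate, "port": port}

def evaluate(rules, pkt):
    """First matching rule wins; returns (action, target) and never edits pkt."""
    for r in map(parse, rules):
        if not addr_match(r["src"], pkt["src"]):
            continue
        if addr_match(r["dst"], pkt["dst"]) == r["negate"]:
            continue
        if r["port"] is not None and r["port"] != pkt["dport"]:
            continue
        return r["action"], r["target"]
    return "no match", None

def path(pkt, proxy_rules=PROXY):
    """Decision at the router, then at the proxy, for one packet."""
    action, next_hop = evaluate(ROUTER, pkt)
    if action != "fwd":
        return ["router: normal routing"]
    action, target = evaluate(proxy_rules, pkt)
    if action == "fwd":
        end = "handed to local socket " + target.replace(",", ":")
    else:
        end = "dst %s is not a local address, squid never sees it" % pkt["dst"]
    return ["router: next hop " + next_hop, "proxy: " + end]

if __name__ == "__main__":
    # Constructed sample packet: a LAN client fetching an outside web page.
    client = {"src": "10.10.3.7", "dst": "203.0.113.80", "dport": 80}
    print(path(client))             # both boxes configured as in the reply
    print(path(client, PROXY[:1]))  # proxy without its own fwd rule
    print(client)                   # addresses and port are still as sent
```

The model also shows why the allow rule sits before the fwd rule on the proxy: squid's own outbound fetches from 10.10.8.10 match allow first and are not redirected back into squid.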