Date: Fri, 30 Aug 2002 12:01:07 +0200 (SAT) From: John Hay <jhay@zibbi.icomtek.csir.co.za> To: maddave@suxx.eu.org (David Delibasic) Cc: freebsd-net@FreeBSD.ORG Subject: Re: Transpanent SQUID proxy Message-ID: <200208301001.g7UA179Z055975@zibbi.icomtek.csir.co.za> In-Reply-To: <20020830112541.G7671-100000@spider.suxx.eu.org> from David Delibasic at "Aug 30, 2002 11:46:16 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> > Has anyone successfuly configured transpanent www squid proxy to on other > machine? I've tryed `ipfw add fwd 10.0.0.4,3128 tcp from 10.0.0.0/24 to > any 80` and this seems not to work, because ipfw does not alter package > header and therefore it's not processed by my squid server (10.0.0.4). > I've also tried `ipfw add divert 8669 tcp from 0.0.0.0/24 to any 80` and > running `/sbin/natd -p 8669 -a 10.0.0.1 -proxy_only -proxy_rule > encode_tcp_stream port 80 server 10.0.0.4:3128` but this also doesn't > work. > > So, my question is: How to make it work ? You need to tell the proxy machine to accept it, if it is a FreeBSD box, just use ipfw fwd on it too. On my router I use something like this: add fwd 10.10.8.10 tcp from 10.10.0.0/16 to not 10.10.0.0/16 80 and on the proxy I use add allow tcp from 10.10.8.10 to any add 10100 fwd 127.0.0.1,3128 tcp from any to any 80 Where 10.10.8.10 is my proxy ip address and 10.10.0.0/16 is our network address/mask. The proxy is on one of the subnets directly connected to the router. John -- John Hay -- John.Hay@icomtek.csir.co.za / jhay@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208301001.g7UA179Z055975>