To: freebsd-net@freebsd.org
From: "Ryan Rathje "
Date: Wed, 22 Jun 2005 08:33:39 -0500 (CDT)
Subject: Transparent Squid 2.5Stable10 + FreeBSD 5.4

Fooler,

Thanks for the suggestion thus far, it did clear some up. When I use your suggestion of:

    ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via em0

1 FreeBSD configured as a gateway with 2 nics
sis0 - outside world nic
em0 - internal network nic

it appears to have some communication, but not all.
Here's what I mean: This is the output from ethereal when trying to visit the google website:

    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
    216.239.39.99 -> 192.168.1.5 TCP http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
    192.168.1.5 -> 216.239.39.99 HTTP GET / HTTP/1.1
    216.239.39.99 -> 192.168.1.5 TCP http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=300 ack=2 win=17520 Len=0
    192.168.1.5 -> 216.239.39.99 TCP 3694 > http [FIN, ACK] seq=300 ack=2 win=17520 Len=0
    216.239.39.99 -> 192.168.1.5 TCP http > 3694 [ACK] seq=2 ack=301 win=65534 Len=0

As of right now, this is the only line in rc.conf, I know I need more (see below) but I'm starting to get a little confused about the order in which it's supposed to be listed. If it's not clear by now that I'm kind of new to Squid and FreeBSD, I'm stating it for the record, I'm a newbie. Thanks all in advance.

> -----Original Message-----
>
> ipfw add allow all from any to 192.168.1.2 80
> ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
> ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv
> 192.168.1.2 xmit 129.186.215.57
>
> My gut feeling is it has something to do with my ipfw rules, any and ALL help
> would get GREATLY appreciated. thanks

yup your gut feeling is correct :-> you don't need to enable IPFILTER if you use IPFW... your simple ipfw rule for transparent proxy looks like this:

    ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via fooler.
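As an added example (not part of the original post or the quoted reply): a short Python reading of the ethereal trace quoted in the message above. It assumes the relative sequence numbers ethereal prints (each side's SYN is seq=0) and reports which side closed first and how much payload had moved by then; the function names are illustrative.

```python
import re

# Trace lines copied from the post above (ethereal summary output).
TRACE = """\
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [SYN] seq=0 ack=0 win=16384 Len=0 MSS=1460
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [SYN, ACK] seq=0 ack=1 win=16384 Len=0 MSS=1460
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=1 ack=1 win=17520 Len=0
192.168.1.5 -> 216.239.39.99 HTTP GET / HTTP/1.1
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [FIN, ACK] seq=1 ack=300 win=65535 Len=0
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [ACK] seq=300 ack=2 win=17520 Len=0
192.168.1.5 -> 216.239.39.99 TCP 3694 > http [FIN, ACK] seq=300 ack=2 win=17520 Len=0
216.239.39.99 -> 192.168.1.5 TCP http > 3694 [ACK] seq=2 ack=301 win=65534 Len=0
"""

LINE = re.compile(r"^(\S+) -> (\S+) (\S+) (.*)$")
TCP = re.compile(r"\[([^\]]+)\] seq=(\d+) ack=(\d+)")

def parse(trace):
    """Return one dict per summary line; lines without TCP flags get flags=set()."""
    packets = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pkt = {"src": m[1], "dst": m[2], "proto": m[3], "flags": set()}
        t = TCP.search(m[4])
        if t:
            pkt["flags"] = {f.strip() for f in t[1].split(",")}
            pkt["seq"], pkt["ack"] = int(t[2]), int(t[3])
        packets.append(pkt)
    return packets

def summarize(trace):
    # Assumption: relative sequence numbers, so the first payload byte is
    # seq=1 and a FIN at seq=N means the sender put N-1 payload bytes on the wire.
    pkts = parse(trace)
    client = next(p["src"] for p in pkts if p["flags"] == {"SYN"})
    fin = next((p for p in pkts if "FIN" in p["flags"]), None)
    return {
        "client": client,
        "handshake_answered": any(
            p["flags"] == {"SYN", "ACK"} and p["dst"] == client for p in pkts),
        "first_fin_from": fin["src"] if fin else None,
        "bytes_sent_by_closer": fin["seq"] - 1 if fin else None,
        "peer_bytes_acked_by_closer": fin["ack"] - 1 if fin else None,
    }
```

On this trace the side answering as 216.239.39.99 completes the handshake, acknowledges 299 bytes of request, and sends FIN without any response payload, so the place to look next is whatever accepted the connection rather than the forwarding rule alone.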