Date: Mon, 13 Sep 2010 11:53:26 -0400
From: Nathan Vidican <nathan@vidican.com>
To: questions@freebsd.org
Subject: ipfw fwd for transparent proxy (squid) - but, not on loopback
Message-ID: <AANLkTikuAZTmHvZ8meBPRv_p6EH74aDNwWhE2rmVgA2d@mail.gmail.com>

Hey all - I've been trying to implement a transparent proxy for all outgoing traffic to port 80 to forward to a proxy server. The problem is that the proxy itself resides on a different host than the forward rule does. Has anyone done something similar? Ideally I'd like to implement with ipfw, but not opposed to other suggestions?

Internet -> firewall/gateway -> proxy server -> LAN/clients

Where the firewall/gateway is the central router for multiple networks, including the public subnet which 'proxy server' gets its external IP for.

So ideally I would like something along the lines of this (assuming the proxy server is running on 10.1.1.12:3128):

    ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.2.0/24 to any 80 via 10.1.2.254
    ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.3.0/24 to any 80 via 10.1.3.254
    ipfw add 600 fwd 10.1.1.12,3128 tcp from 10.1.1.0/26 to any 80 via 10.1.1.1

I have tried the identical rules to above using 127.0.0.1,3128 - of course starting up squid on the gateway machine too... the problem is that machine simply doesn't have the resources and I'd prefer to run squid on a different host.

Any suggestions or referrals to RTFM somewhere would be greatly appreciated.

Thanks.

--
Nathan Vidican
nathan@vidican.com