Date: Thu, 17 Dec 1998 10:17:09 -0500 (EST) From: Steve Ames <steve@ns1.cioe.com> To: freebsd-isp@FreeBSD.ORG Subject: Transparent Proxy: FBSD 3.0, Squid and NAT Message-ID: <199812171517.KAA48213@vic.cioe.com>
next in thread | raw e-mail | index | archive | help
I'm trying to get transparent proxying to work on my home network before trying to deploy it more widescale. My gateway machine is running FBSD 3.0 (about a week after release). I have natd configured and operational and am using an internal network of 192.168.9.0/24. The gateway is 192.168.9.1. My real IP address is 204.120.165.254. OK. So FBSD is connecting to the net fine (using the real IP). The rest of the machines on my network are working fine (using natd via the gateway). I installed squid 2.0. I changed a copy of netscape to use squid as a proxy server and that went pretty well. I chaned it back to 'no proxy' and went to work on getting things to work transparently. I start with the Squid page on transparent proxy (even has a section on FreeBSD 3.0): http://squid.nlanr.net/Squid/FAQ/FAQ-17.html. This doesn't seem to address working while NAT is enabled but it seemed a good starting place. My final configuration looked like this: squid.conf ---------- http_port 80 httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on ipfw list --------- 00049 allow ip from 204.120.165.254 to any 00050 fwd 127.0.0.1 tcp from 192.168.9.0/24 to any 80 00100 divert 8668 ip from any to any via ed0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 65000 allow ip from any to any 65535 deny ip from any to any 49 & 50 are the ones I added. It would seem that you'd want to do the proxy before natd got it via the divert. This worked... kinda. It was really, really slow (much slower than just natd alone). Thoughts? Please? -Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812171517.KAA48213>