From owner-freebsd-questions@FreeBSD.ORG Fri Jun 13 00:13:50 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A0B1637B401 for ; Fri, 13 Jun 2003 00:13:50 -0700 (PDT) Received: from mx1.au.itouchnet.net (nat2.au.itouchnet.net [144.135.23.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 452BE43FDD for ; Fri, 13 Jun 2003 00:13:49 -0700 (PDT) (envelope-from ajthomson@optushome.com.au) Received: from nobody by mx1.au.itouchnet.net with scanned_ok (Exim 3.36 #1) id 19Qikt-000N6S-00 for freebsd-questions@freebsd.org; Fri, 13 Jun 2003 17:13:47 +1000 X-TLS: TLSv1:DES-CBC3-SHA:168 athomson.prv.au.itouchnet.net -> mx1.au.itouchnet.net Received: from athomson.prv.au.itouchnet.net ([192.168.13.55]) by mx1.au.itouchnet.net with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.36 #1) id 19Qiks-000N6J-00 for freebsd-questions@freebsd.org; Fri, 13 Jun 2003 17:13:46 +1000 Received: from localhost ([127.0.0.1] helo=athomson.prv.au.itouchnet.net) by athomson.prv.au.itouchnet.net with esmtp (Exim 4.20) id 19Qiks-0005qK-8Z for freebsd-questions@freebsd.org; Fri, 13 Jun 2003 17:13:46 +1000 Received: (from ajt@localhost)h5D7DkQJ022463 for freebsd-questions@freebsd.org; Fri, 13 Jun 2003 17:13:46 +1000 (EST) X-Authentication-Warning: athomson.prv.au.itouchnet.net: ajt set sender to ajthomson@optushome.com.au using -f Date: Fri, 13 Jun 2003 17:13:46 +1000 From: Andrew Thomson To: freebsd-questions@freebsd.org Message-ID: <20030613071346.GR15745@athomson.prv.au.itouchnet.net> References: <20030613070438.GO15745@athomson.prv.au.itouchnet.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030613070438.GO15745@athomson.prv.au.itouchnet.net> User-Agent: Mutt/1.4.1i X-Checked: Scanned for any viruses and unauthorized attachments at mx1.au.itouchnet.net X-iScan-ID: 88808-1055488426-26517@mx1.au.itouchnet.net version $Name: REL_2_0_2 $ Subject: Re: more transparent proxy and squid questions. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jun 2003 07:13:50 -0000 oh, and does squid need to be compiled with CONFIGURE_ARGS+= --enable-ipf-transparent given the firewall does the divert to the squid box ?? ta, ajt. On Fri, Jun 13, 2003 at 05:04:38PM +1000, Andrew Thomson wrote: > I'm not looking for help at setting this up as such, but rather a better > understanding of what's happening to the packets in this situation. > > I have a freebsd firewall/gateway box. > > I then fwd the port 80 requests to the squid box on port 3128 > > squid then i imagine process the request.. does squid then make the same > http request with it's ip as the source? > > perhaps an illustration might be helpful. > > wall/gwy = 192.168.1.1 > squid = 192.168.1.2 > user = 192.168.1.3 > > user makes an http request. > > ipfw rule on wall diverts to squid: > > ipfw add 50 fwd 192.168.1.2,3128 tcp from any to any 80 > > does squid then make the request with it's ip? > > thus we'd need something like, > > ipfw add 45 allow tcp from 192.168.1.2 to any 80 > > squid updates the cache/passes the data back to the user?? > > thanks, > > ajt. > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >