From: Bill Moran
Date: Fri, 13 Jun 2003 09:47:09 -0400
To: Andrew Thomson
Cc: freebsd-questions@freebsd.org
Subject: Re: more transparent proxy and squid questions.

Andrew Thomson wrote:
> I'm not looking for help at setting this up as such, but rather a better
> understanding of what's happening to the packets in this situation.
>
> I have a freebsd firewall/gateway box.
>
> I then fwd the port 80 requests to the squid box on port 3128
>
> squid then, I imagine, processes the request.. does squid then make the same
> http request with its ip as the source?
>
> perhaps an illustration might be helpful.
>
> wall/gwy = 192.168.1.1
> squid = 192.168.1.2
> user = 192.168.1.3
>
> user makes an http request.
>
> ipfw rule on wall diverts to squid:
>
> ipfw add 50 fwd 192.168.1.2,3128 tcp from any to any 80
>
> does squid then make the request with its ip?
>
> thus we'd need something like,
>
> ipfw add 45 allow tcp from 192.168.1.2 to any 80
>
> squid updates the cache/passes the data back to the user??

Yes. You've got the right idea.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
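
An added example, not part of the original thread: a simplified first-match model of the two rules discussed above, showing why the allow rule for squid's address has to be numbered below the fwd rule. The names (Packet, evaluate, trace, loops), the origin server 203.0.113.10 and the closed default rule are assumptions; matching is reduced to source address and destination port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

SQUID = "192.168.1.2"
# Rules from the post, modelled as (number, action, source match, dest port).
FWD_ONLY = [(50, "fwd", "any", 80)]
WITH_ALLOW = [(45, "allow", SQUID, 80)] + FWD_ONLY

def evaluate(rules, pkt):
    """Return (number, action) of the first matching rule, lowest number first."""
    for num, action, src, dport in sorted(rules):
        if pkt.dport == dport and src in ("any", pkt.src):
            return num, action
    return 65535, "deny"  # assumption: closed default rule

def trace(rules, pkt, max_hops=4):
    """List (source, rule, action) each time the request crosses the gateway."""
    hops = []
    for _ in range(max_hops):
        num, action = evaluate(rules, pkt)
        hops.append((pkt.src, num, action))
        if action != "fwd":
            break
        # Squid takes the forwarded connection and issues its own request to
        # the origin server from its own address; it crosses the gateway again.
        pkt = Packet(SQUID, pkt.dst, pkt.dport)
    return hops

def loops(rules, pkt):
    """True if the request is still being forwarded to squid after max_hops."""
    return trace(rules, pkt)[-1][2] == "fwd"

if __name__ == "__main__":
    # Constructed sample: the user from the post fetching from 203.0.113.10.
    request = Packet("192.168.1.3", "203.0.113.10", 80)
    for name, rules in (("rule 50 only", FWD_ONLY), ("rules 45 + 50", WITH_ALLOW)):
        print(name, trace(rules, request), "loop" if loops(rules, request) else "ok")
```

With only rule 50, squid's own outbound request matches the fwd rule and is handed back to squid. Note also that ipfw's fwd changes the next hop without rewriting the packet, so the squid host needs its own rule to accept connections addressed to other hosts.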