Date: Thu, 31 Jul 2003 09:19:57 -0700
From: eculp@encontacto.net
To: isp@freebsd.org
Subject: ipfw + natd + squid + 2 internet connections and a LAN
Message-ID: <1059668397.2dc0b47f0c2df@mail.encontacto.net>
Our small company has a DS0 connection through our local telco that is totally saturated during the day from our outgoing traffic, and we need it for customer traffic, so I added what I thought would be a cost-effective connection through a local cable provider, thinking that I could use it with squid and transparent proxy to route all the LAN port 80 outgoing traffic first to squid on 3128 and out through the cable connection.

Everything is on the same box. I have 3 NICs, rl[0-2]: one for the LAN with 192.168.5.0/24, one for our telco connection with 16 IPs, and the other for the cable modem, which is a private network 10.24.194.xxx/20 to access the gateway that is 10.24.128.1. My ipfw is very simple right now and transparent proxy is working perfectly.

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80
    65100 divert 8668 ip from any to any via rl0
    65500 allow ip from any to any

I naively put 10.24.194.xxx as my tcp_outgoing_address, thinking that the port 80 traffic from squid would route through rl2 or 10.24.128.1. It doesn't; it routes through rl0, which is the telco connection. My default route is through the telco connection off rl0.

I am trying to divert all web traffic first to squid on the local box and then have squid fetch what isn't in cache through rl2. I feel like I'm really missing something. I've even tried running two instances of natd but wasn't able to get it to work.

Any suggestions would be appreciated.

thanks,
ed
--
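The following is an added example, not code from the thread or a reply to it: the ruleset above, rebuilt as a loader script with one extra ipfw `fwd` rule that gives packets sent from the cable-side address the cable gateway as their next hop, so squid's fetches leave via rl2 instead of following the default route out rl0. It assumes a FreeBSD 4.x kernel built with `options IPFIREWALL_FORWARD`, that squid's `tcp_outgoing_address` is this host's rl2 address (given in the post only as 10.24.194.xxx, so a placeholder here), that rl1 is the LAN interface, and that the cable gateway 10.24.128.1 NATs the private 10.24.194.0/20 network so natd is only needed on the telco side.

```shell
#!/bin/sh
# Added example (not from the thread). Three-NIC ipfw ruleset with a
# policy-route rule for squid's outgoing traffic. Assumes FreeBSD 4.x ipfw
# and a kernel with "options IPFIREWALL_FORWARD"; rl1 as the LAN side is
# an assumption, the post only states that rl0 is the telco side.
telco_if="rl0"               # telco DS0: default route, natd on divert port 8668
lan_if="rl1"                 # assumed: the 192.168.5.0/24 LAN interface
cable_gw="10.24.128.1"       # cable provider gateway, reachable via rl2
lan_net="192.168.5.0/24"
squid_port="3128"
# Placeholder: the post gives the rl2 address only as 10.24.194.xxx.
# Set CABLE_IP to the real address (squid's tcp_outgoing_address) first.
cable_ip="${CABLE_IP:-10.24.194.XXX}"
fwcmd="${FWCMD:-ipfw -q}"    # FWCMD=echo prints the commands instead

# Emit the rules in ipfw file syntax (one "add ..." per line).
gen_rules() {
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 deny ip from any to 127.0.0.0/8"
    echo "add 300 deny ip from 127.0.0.0/8 to any"
    # LAN web requests arriving on the LAN side go to the local squid.
    echo "add 400 fwd 127.0.0.1,$squid_port tcp from $lan_net to any 80 in via $lan_if"
    # Policy route: packets squid sends from the cable address get the cable
    # gateway as next hop, so they leave on rl2 rather than out $telco_if.
    # fwd is terminal and this rule precedes the divert, so these packets
    # are never handed to natd and rewritten to a telco address.
    echo "add 450 fwd $cable_gw ip from $cable_ip to any out"
    # Everything else crossing the telco side is NATed by natd as before.
    echo "add 65100 divert 8668 ip from any to any via $telco_if"
    echo "add 65500 allow ip from any to any"
}

# Rule number of the first rule matching a pattern; used to confirm the
# policy-route rule is ordered before the divert rule without loading.
rule_number() {
    gen_rules | awk -v pat="$1" '$0 ~ pat { print $2; exit }'
}

# Flush and load the ruleset; refuses to run with the placeholder address.
load_rules() {
    case "$cable_ip" in
        *XXX*) echo "set CABLE_IP to this host's rl2 address" >&2; return 1 ;;
    esac
    $fwcmd -f flush
    gen_rules | while read -r line; do $fwcmd $line; done
}

if [ "${1:-}" = "apply" ]; then
    load_rules
fi
```

Run with `CABLE_IP=<rl2 address> sh script.sh apply`, or with `FWCMD=echo` to preview the commands.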