From owner-freebsd-isp@FreeBSD.ORG Thu Jul 31 09:19:58 2003
Message-ID: <1059668397.2dc0b47f0c2df@mail.encontacto.net>
Date: Thu, 31 Jul 2003 09:19:57 -0700
From: eculp@encontacto.net
To: isp@freebsd.org
Subject: ipfw + natd + squid + 2 internet connections and a LAN
List-Id: Internet Services Providers
X-List-Received-Date: Thu, 31 Jul 2003 16:19:58 -0000

Our small company has a DS0 connection through our local telco that is totally saturated during the day by our outgoing traffic, and we need it for customer traffic, so I added what I thought would be a cost-effective connection through a local cable provider, thinking that I could use it with squid and transparent proxy to route all the LAN port 80 outgoing traffic first to squid on 3128 and out through the cable connection.

Everything is on the same box. I have 3 NICs, rl[0-2]: one for the LAN with 192.168.5.0/24, one for our telco connection with 16 IPs, and the other for the cable modem, which is a private network 10.24.194.xxx/20, to access the gateway at 10.24.128.1. My ipfw is very simple right now, and transparent proxy is working perfectly:

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 fwd 127.0.0.1,3128 tcp from 192.168.5.0/24 to any 80
    65100 divert 8668 ip from any to any via rl0
    65500 allow ip from any to any

I naively put 10.24.194.xxx as my tcp_outgoing_address, thinking that the port 80 traffic from squid would route through rl2 or 10.24.128.1. It doesn't; it routes through rl0, which is the telco connection. My default route is through the telco connection off rl0.

I am trying to divert all web traffic first to squid on the local box and then have squid fetch what isn't in its cache through rl2. I feel like I'm really missing something. I've even tried running two instances of natd but wasn't able to get it to work.

Any suggestions would be appreciated.

thanks,

ed
--
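One way to send squid's own fetches out the cable link while the LAN keeps its transparent proxy, shown here as an added illustration rather than anything from the post: an ipfw `fwd` to the cable gateway (a non-local address, so ipfw changes the next hop instead of redirecting to a local port) placed *before* the natd divert on rl0, so natd never rewrites squid's source address to the telco IP. It assumes squid's tcp_outgoing_address is 10.24.194.2 (a placeholder for the poster's 10.24.194.xxx) and that the kernel has IPFIREWALL_FORWARD, which the working `fwd 127.0.0.1,3128` rule already implies.

```shell
#!/bin/sh
# Added example: build the ipfw ruleset as text (dry run by default) so the
# rule order can be checked before anything is loaded; "apply" loads it.
LAN_NET="192.168.5.0/24"
TELCO_IF="rl0"                 # default route lives here, natd on port 8668
SQUID_OUT="10.24.194.2"        # placeholder: squid.conf tcp_outgoing_address (rl2 address)
CABLE_GW="10.24.128.1"         # cable gateway from the post, reached via rl2

# Print the ruleset as ipfw commands.  Rule 00500 is the new policy-route
# rule: packets sourced from squid's rl2 address get next-hop CABLE_GW.
build_ruleset() {
    cat <<EOF
ipfw -f flush
ipfw add 00100 allow ip from any to any via lo0
ipfw add 00200 deny ip from any to 127.0.0.0/8
ipfw add 00300 deny ip from 127.0.0.0/8 to any
ipfw add 00400 fwd 127.0.0.1,3128 tcp from ${LAN_NET} to any 80
ipfw add 00500 fwd ${CABLE_GW} ip from ${SQUID_OUT} to any out
ipfw add 65100 divert 8668 ip from any to any via ${TELCO_IF}
ipfw add 65500 allow ip from any to any
EOF
}

# Guard: the fwd-to-gateway rule must precede the natd divert.  Because the
# packet is initially routed via rl0, "via rl0" would match and natd would
# rewrite its source to the telco IP, defeating the policy route.
check_order() {
    build_ruleset | awk '/fwd .* out$/ {f=NR} /divert 8668/ {d=NR}
                         END {exit !(f && d && f < d)}'
}

case "$1" in
    apply) check_order && build_ruleset | sh ;;
    *)     build_ruleset ;;
esac
```

Replies from the gateway arrive on rl2 addressed to squid's rl2 address, so no second natd instance is needed for squid's own traffic; one would only be required if LAN hosts were also to be NATed out rl2.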