From owner-freebsd-questions@FreeBSD.ORG Sun Jun 15 23:52:16 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6AB3137B404 for ; Sun, 15 Jun 2003 23:52:16 -0700 (PDT) Received: from mx1.au.itouchnet.net (nat2.au.itouchnet.net [144.135.23.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0136143FAF for ; Sun, 15 Jun 2003 23:52:14 -0700 (PDT) (envelope-from ajthomson@optushome.com.au) Received: from nobody by mx1.au.itouchnet.net with scanned_ok (Exim 3.36 #1) id 19Rnqf-000Dxd-00 for freebsd-questions@freebsd.org; Mon, 16 Jun 2003 16:52:13 +1000 X-TLS: TLSv1:DES-CBC3-SHA:168 athomson.prv.au.itouchnet.net -> mx1.au.itouchnet.net Received: from athomson.prv.au.itouchnet.net ([192.168.13.55]) by mx1.au.itouchnet.net with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.36 #1) id 19Rnqe-000DxW-00 for freebsd-questions@freebsd.org; Mon, 16 Jun 2003 16:52:13 +1000 Received: from localhost ([127.0.0.1] helo=athomson.prv.au.itouchnet.net) by athomson.prv.au.itouchnet.net with esmtp (Exim 4.20) id 19Rnqe-0000Me-Ni for freebsd-questions@freebsd.org; Mon, 16 Jun 2003 16:52:12 +1000 Received: (from ajt@localhost)h5G6qC26001403 for freebsd-questions@freebsd.org; Mon, 16 Jun 2003 16:52:12 +1000 (EST) X-Authentication-Warning: athomson.prv.au.itouchnet.net: ajt set sender to ajthomson@optushome.com.au using -f Date: Mon, 16 Jun 2003 16:52:12 +1000 From: Andrew Thomson To: freebsd-questions@freebsd.org Message-ID: <20030616065212.GB600@athomson.prv.au.itouchnet.net> References: <20030613070438.GO15745@athomson.prv.au.itouchnet.net> <3EE9D5DD.1090209@potentialtech.com> <20030615234105.GD60583@athomson.prv.au.itouchnet.net> <20030616072526.1a25943a.bsdwave@go.ro> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030616072526.1a25943a.bsdwave@go.ro> User-Agent: Mutt/1.4.1i X-Checked: Scanned for any viruses and unauthorized attachments at mx1.au.itouchnet.net X-iScan-ID: 53665-1055746333-24940@mx1.au.itouchnet.net version $Name: REL_2_0_2 $ Subject: Re: more transparent proxy and squid questions. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jun 2003 06:52:16 -0000 i'm still having issues here.. has anyone else got transparent proxy going with firewall and squid on different boxes?? anyway, from the squid faq, does this apply to freebsd these days?? ..."Compile and run a version of Squid which accepts connections for other addresses. For some operating systems, you need to have configured and built a version of Squid which can recognize the hijacked connections and discern the destination addresses. For Linux this seems to work automatically. For *BSD-based systems, you probably have to configure squid with the --enable-ipf-transparent option. (Do a make clean if you previously configured without that option, or the correct settings may not be present.)"... i'm trying to use ipfw for my fwd'ing from the firewall to the proxy server. thanks, ajt. On Mon, Jun 16, 2003 at 07:25:26AM +0300, Rapier wrote: > From what you've said you have natd enabled,instead of redirecting with ipfw you shoud redirect with natd!man natd > > > On Mon, 16 Jun 2003 09:41:05 +1000 > Andrew Thomson wrote: > > > On Fri, Jun 13, 2003 at 09:47:09AM -0400, Bill Moran wrote: > > > > > > Yes. You've got the right idea. > > > > > > > hmm.. i have encountered some difficulties ;) so now i'm seeking some > > more advice.. > > > > i have the following rules on my firewall: > > > > 10561 skipto 11000 ip from 192.168.1.2 to any > > 10562 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80 > > > > keeping in line with my example, 1=fwall, 2=squid, 3=user > > > > the skipto is in there so we go through nat and get a proper ip. > > > > i never see any packets get to the squid box though.. > > > > ipfw show indicates matching packets > > ipfw show 10561 10562 > > 10561 5342 331306 skipto 11000 ip from 192.168.1.2 to any > > 10562 2520 120960 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80 > > > > a tcpdump on the squid box looking out for port 3128 shows nothing, although > > the ipfw shows matches.. > > > > i'll keep digging around but any more tips would be appreciated on this > > setup. > > > > thanks, > > > > andrew. > > > > > > > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >