Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 1 Feb 2001 18:07:43 -0500 (EST)
From:      mi@aldan.algebra.com
To:        Julian Elischer <julian@elischer.org>
Cc:        questions@freebsd.org, net@freebsd.org
Subject:   Re: transparent proxying through a separate machine
Message-ID:  <200102012307.f11N7iP51027@misha.privatelabs.com>
In-Reply-To: <3A79D157.A18270EB@elischer.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On  1 Feb, Julian Elischer wrote:
= > We have a  single firewall machine and a  _separate_ machine running
= > squid proxy (both servers are on the same network wire).
= >
= > How  do I  catch all  of the  outgoing http  requests and  send them
= > through squid?
= > 
= > I tried
= > 
= >         ipfw add fwd squid,3128 tcp from any to any http
= > 
= > but it does not  seem to work -- squid never  gets contacted. All of
= > the  recipes  out there  describe  the  setups  with squid  and  the
= > firewall  being on  the same  machine. What  else do  I need  to do?
= 
= I assume squid is the name of  the other machine? you need to have the
= same rule in the ipfw on that machine too.

Yes. Ok. This is what I just added to the squid-machine:

	ipfw add allow ip from any to any out
	ipfw add fwd localhost,3128 log tcp from any to any 3128 in

= otherwise it will reflect the packet back at it's original destination
= as it still has headers saying it wants to go there. (It's unaltered).

The firewall machine logs

ipfw: 3000 Forward to squid.ip:3128 TCP client.ip:3977 web.server.ip:80 in via dc0

But the client still talks to the web-server directly :( The squid's log
is quiet... Anything  I'm missing? Perhaps, I need  a user-space program
of some sort to run on the firewall to do the tunneling? Thanks!

	-mi




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102012307.f11N7iP51027>