From: "Bob Hall"
To: FreeBSD Questions List
Date: Sat, 7 Dec 2002 03:34:34 -0500
Subject: Squid & transparent proxy
Message-ID: <20021207083434.GA26544@sten.alder.net>

I'm trying to set squid up as a transparent proxy. I'm able to do
everything except the transparent part. If I point a web browser at
squid, everything works fine. But it won't work transparently.

FreeBSD 4.4
squid-2.5_1

# ipfw l
00049 allow tcp from 192.168.0.1 to any
00050 divert 8668 ip from any to any via ppp0
65000 allow ip from any to any
65000 allow ip from any to any
65535 deny ip from any to any

Standard squid configuration.

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I can run a web browser on the cache machine with configuring it for
the cache, and it uses the cache (entry in access.log).
I can point a web browser on another machine at squid, and it uses the
cache (another entry in access.log). But if I don't manually configure
the browser on the other host, ipfw -t l shows that rule 00050 was
matched, but there's no entry in the access log.

I've tried the following three versions of rule 50, with the same
result:

${fwcmd} add 50 fwd 127.0.0.1 tcp from any to any 80
${fwcmd} add 50 fwd 127.0.0.1,3128 tcp from any to any 80
${fwcmd} add 50 fwd 192.168.0.1,3128 tcp from 192.168.0.0/24 to any 80

When I sh /etc/rc.firewall and then test squid again, I still can't
get transparent proxying, except on the machine that squid runs on.

Bob Hall