From: "Scott A. Moberly"
Date: Sat, 7 Dec 2002 16:50:41 -0600 (CST)
Subject: Re: need help setting up a transparent proxy
Message-ID: <1297.10.0.0.2.1039301441.squirrel@mail.karamazov.org>
In-Reply-To: <20021207193526.GA1123@gforce.johnson.home>

> I am trying to set up a transparent squid proxy with ipfw. I am using
> FreeBSD 4.7-STABLE (current as of today), version 2.5_1 of squid. I
> have read the relevant information on the squid Web site and searched
> the FreeBSD mail archive. I am pretty sure I have everything set up
> right but it just does not work.
>
> I have the following in my kernel config:
>
> options IPFIREWALL #firewall
> options IPFIREWALL_FORWARD #enable transparent proxy support
> options IPDIVERT #divert sockets
> options IPSTEALTH #support for stealth forwarding
>
> I have the following in my squid.conf file:
>
> http_port 3128
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> I am using the "SIMPLE" firewall setup. I have the following in my
> rc.firewall file
>
> # Allow setup of any other TCP connection
> ${fwcmd} add pass tcp from any to any setup
>
> # Try this to get a transparent proxy
> ${fwcmd} add fwd 127.0.0.1,3128 tcp from any to any 80
>
> I have also tried setting the first rule above to "...any to any 80" but
> that did not help.
>
> What am I missing?
>
> Thanks.

Looks like an infinite loop to me. If this is on a gateway machine, you
might try:

$fwcmd add fwd 127.0.0.1,3128 tcp from INTERNAL_NETWORK to any 80

If the machine is inside the network you will want a skipto statement.
Skipping over this statement for the machine itself will resurrect you from
the infinite loop.

--
Scott A. Moberly
smoberly@karamazov.org
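
The loop described in the reply, and the two ways out of it, as an added example that is not part of the original message: a simplified first-match model of ipfw rule evaluation in Python. All addresses, rule numbers and helper names are constructed assumptions.

```python
import ipaddress

# All addresses and rule numbers below are constructed for illustration.
SQUID = "192.168.1.5"     # squid host sitting inside the LAN
LAN = "192.168.1.0/24"    # stands in for INTERNAL_NETWORK
GW_EXT = "203.0.113.1"    # external address of a gateway running squid
CLIENT = "192.168.1.20"   # a browser on the LAN
WEB = "198.51.100.7"      # an origin web server

def matches(spec, addr):
    """'any' matches everything; otherwise spec is a host or CIDR network."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rules, src, dst, dport):
    """Simplified ipfw walk: rules in number order, first terminating match wins."""
    floor = 0  # raised by skipto so that lower-numbered rules are not considered
    for num, action, target, r_src, r_dst, r_port in sorted(rules):
        if num < floor or r_port not in ("any", dport):
            continue
        if not (matches(r_src, src) and matches(r_dst, dst)):
            continue
        if action == "skipto":
            floor = target
            continue
        return action
    return "deny"  # nothing matched: modelled as the default deny rule

def proxy_loops(rules, proxy_src):
    """True when the proxy's own request to a web server is handed back to it."""
    return evaluate(rules, proxy_src, WEB, 80) == "fwd"

# Rule tuples: (number, action, skipto target, source, destination, dest port)
PASS = (500, "pass", 0, "any", "any", "any")
unrestricted = [(400, "fwd", 0, "any", "any", 80), PASS]
gateway_fix = [(400, "fwd", 0, LAN, "any", 80), PASS]
skipto_fix = [(390, "skipto", 410, SQUID, "any", 80),
              (400, "fwd", 0, "any", "any", 80), PASS]

if __name__ == "__main__":
    for name, rules, proxy in (("unrestricted", unrestricted, GW_EXT),
                               ("gateway_fix", gateway_fix, GW_EXT),
                               ("skipto_fix", skipto_fix, SQUID)):
        print(name, "client:", evaluate(rules, CLIENT, WEB, 80),
              "proxy loops:", proxy_loops(rules, proxy))
```

In this model the source-restricted rule still catches a proxy whose own address lies inside INTERNAL_NETWORK, which is the case the skipto rule covers.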