From: Mark Pearce
To: freebsd-questions@FreeBSD.ORG
Date: Sun, 22 Dec 2002 01:28:39 +0200
Subject: IPFW Squid problem
Message-ID: <1040513319.3e04f927e9b0c@horde.wsnet.co.za>

Hi all

I have a small problem with Squid. I am running 4.7-STABLE on a server that is running 3 network cards, all with private range IPs. I have installed squid with the transparent proxy functionality as per the ports and it works 100%.

My network is as follows:

    10.0.2.100 -> router to the internet
    10.0.4.1   -> internal network with hosted webserver
    10.0.0.1   -> private lan

My situation is as follows: My router has a crossover cable connected to this machine, the other 2 cards are supporting a hosted server and other clients wanting internet access via my line.

I have the following rules loaded at the moment.

    00051 88 14535 allow tcp from 10.0.2.100 to any
    00052 61 8058 fwd 127.0.0.1 tcp from any to any 80
    65535 18147300 8402581899 allow ip from any to any

My problem is that I have a hosted webserver on one of the network cards, and if I run the rules listed above as directed by www.squid-cache.org, the transparent proxy works, but all requests to the hosted web server fail. I suspect that this is due to every request passing through the server on port 80 being redirected to the proxy server.

How can I allow packets directed to the webserver to not be "hijacked" by the fwd rule for the proxy server, as I suspect that this will allow the hosted webserver to work as per normal?

Thanks
Mark
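
Added example, not part of the original message: a small Python model of ipfw's first-match evaluation applied to the three rules posted above, showing which rule a port-80 request to the hosted web server hits and how an earlier allow rule would change that. The exemption rule (number 50, destination 10.0.4.0/24) and the sample packet addresses are assumptions made for illustration; the post gives neither the web server's address nor its netmask.

```python
import ipaddress

# Rules as posted, counters dropped: (number, action, proto, src, dst, dst_port)
POSTED_RULES = [
    (51, "allow", "tcp", "10.0.2.100", "any", None),
    (52, "fwd 127.0.0.1", "tcp", "any", "any", 80),
    (65535, "allow", "ip", "any", "any", None),
]

# Hypothetical exemption, not from the post: rule number 50 and the /24 mask
# are assumptions about where the hosted web server lives.
EXEMPT_WEBSERVER = (50, "allow", "tcp", "any", "10.0.4.0/24", 80)


def addr_matches(spec, addr):
    """True if addr falls inside spec ('any', a host, or a CIDR network)."""
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def first_match(rules, proto, src, dst, dport):
    """Walk rules in numeric order; allow and fwd both end the search."""
    for number, action, r_proto, r_src, r_dst, r_port in sorted(rules, key=lambda r: r[0]):
        if r_proto not in ("ip", proto):
            continue
        if not (addr_matches(r_src, src) and addr_matches(r_dst, dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return number, action
    return None


if __name__ == "__main__":
    # Constructed packets: a LAN client, a guessed web server address, an outside site.
    packets = {
        "LAN client -> hosted web server": ("tcp", "10.0.0.25", "10.0.4.2", 80),
        "LAN client -> outside web site": ("tcp", "10.0.0.25", "203.0.113.10", 80),
    }
    for label, pkt in packets.items():
        print(label)
        print("  rules as posted:", first_match(POSTED_RULES, *pkt))
        print("  with exemption: ", first_match(POSTED_RULES + [EXEMPT_WEBSERVER], *pkt))
```

In this model the request to the web server stops at rule 52 under the posted rules and at the assumed rule 50 once the exemption is present, while requests to outside sites still reach the fwd rule.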