From owner-freebsd-questions Thu Feb 13 10:51:13 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A3F0A37B401 for ; Thu, 13 Feb 2003 10:51:11 -0800 (PST) Received: from mail.bg (ip220-81.mnet.bg [193.110.220.81]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5DD0E43F93 for ; Thu, 13 Feb 2003 10:51:07 -0800 (PST) (envelope-from dpenev@mail.bg) Received: from mail.bg (localhost. [127.0.0.1]) by mail.bg (8.12.6/8.12.6) with ESMTP id h1DIotZI001616; Thu, 13 Feb 2003 20:50:56 +0200 (EET) (envelope-from dpenev@mail.bg) Received: (from dpenev@localhost) by mail.bg (8.12.6/8.12.6/Submit) id h1DIoprE001615; Thu, 13 Feb 2003 20:50:51 +0200 (EET) Date: Thu, 13 Feb 2003 20:50:51 +0200 From: Dancho Penev To: "P. U. Kruppa" <520023893678-0001@t-online.de> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: squid and ipfw ... fwd ... Message-ID: <20030213185051.GA536@earth.dpsca.bg> Mail-Followup-To: "P. U. Kruppa" <520023893678-0001@t-online.de>, freebsd-questions@FreeBSD.ORG References: <20030213183028.S681@small.pukruppa.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: <20030213183028.S681@small.pukruppa.de> User-Agent: Mutt/1.4i Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote: >Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET) >From: 520023893678-0001@t-online.de (P. U. Kruppa) >To: freebsd-questions@FreeBSD.ORG >Subject: squid and ipfw ... fwd ... > >Hi! > >I am trying to setup a transparent proxy with Squid. > >Proxying and caching itself works fine (thanks to the help of >this list!) - my Squid is listening on port 80. > >I have got the ipfw kernel module running and seem to be able to >change all kinds of rules via ipfw or from bootup via some >firewall configuration file. As all kinds of manuals advise I do ># ipfw add 200 allow tcp from 192.168.10.1 to any >and still everything works fine. But when I try the next line ># ipfw add 300 fwd 127.0.0.1 tcp from any to any 80 >I keep receiving access denied messages from squid. Put in squid config file something like this (change ip address and netmask): acl permitednet src 192.168.0.0/255.255.0.0 http_access allow permitednet Take a look at ACCESS CONTROLS section in squid.conf for more details. In fact if you keep above two ipfw rules transparent proxy will not work for 192.168.10.1 . > >I found several emails about this problem in Google but no >solution. > > >What can be done now? > >Thanks for any ideas, > >Uli. > >*-----------------------------------* >* Peter Ulrich Kruppa * >* - Wuppertal - * >* Germany * >*-----------------------------------* > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message -- Regards, Dancho Penev To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message