From owner-freebsd-isp@FreeBSD.ORG Wed Jul 9 05:17:44 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 21DE937B401 for ; Wed, 9 Jul 2003 05:17:44 -0700 (PDT) Received: from ksemat.co.ug (ping2.mtn.co.ug [212.88.97.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 59C4743F85 for ; Wed, 9 Jul 2003 05:17:38 -0700 (PDT) (envelope-from ksemat@ksemat.co.ug) Received: by ksemat.co.ug (Postfix, from userid 1000) id 2A25FFEDE; Wed, 9 Jul 2003 15:16:03 +0300 (EAT) Received: from localhost (localhost [127.0.0.1]) by ksemat.co.ug (Postfix) with ESMTP id 258A6FDEE; Wed, 9 Jul 2003 15:16:03 +0300 (EAT) Date: Wed, 9 Jul 2003 15:16:03 +0300 (EAT) From: Noah K Sematimba To: eculp@encontacto.net In-Reply-To: <1057695236.51317f5568a73@mail.encontacto.net> Message-ID: <20030709151451.B365@ksemat.co.ug> References: <1057695236.51317f5568a73@mail.encontacto.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-isp@freebsd.org Subject: Re: How to use transparent kernel proxy with squid? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Jul 2003 12:17:44 -0000 I use a similar rule and it worked beautifully though I did not bother to add the recv and xmit stuff. Afterall I already block private ips from coming in my external interface anyways. Noah. On Tue, 8 Jul 2003 eculp@encontacto.net wrote: > I want to use squid as a transparent proxy for http. The last time I did > this several years ago I used transproxy but I understand that it can > now be done in the kernel. I have all the firewall options compiled in the > kernel [current] and ipfw and natd are working as expected. I am trying to > do something like > > ipfw add 300 fwd 127.0.0.1,3128 tcp from 192.168.1.0/24 to 0.0.0.0/0 80 \ > recv rl1 out xmit rl0 > > Squid and the firewall are running on the same machine and and I want all > the 192.168.1 network to be forced to use squid. > > Thanks for any tips, > > ed > > -- > > > ------------------------------------------------- > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >