From: "Leon Botes" <leon@trusc.net>
To: freebsd-questions@freebsd.org
Date: Fri, 27 Feb 2004 13:41:11 +0200
Organization: Trusc Technologies (Pty) Ltd
Subject: IPFW & SQUID & 2 bsd boxes & 2 different internet routers
Reply-To: leon@trusc.net
Message-Id: <20040227114148.63FA743D1D@mx1.FreeBSD.org>
List-Id: User questions

Here is something that gave me uphill for a long time which I thought I might share with anyone who is interested.
The problem was that the traffic was too much for the one line, so we installed a second line. How do you divert all the HTTP (TCP port 80) traffic down the second line, using a second box as a proxy?

Box A is the BSD gateway with NICs IIF and OIF. It runs ipfw, which forwards the TCP 80 connections from the IIF network to Box B. It has a default gateway of internet router C.

Box B is the squid proxy running in httpd accelerator mode, with one NIC on the same network as the Box A OIF. It runs ipfw, which forwards the TCP 80 connections coming into it to 127.0.0.1:3128. It has a default gateway of internet router D.

The answer is all in the ipfw rules.

On Box A, add this rule AFTER the natd rules:

    ipfw add (rulenumber) fwd (Box B) tcp from any to any 80 out via (oif)

On Box B:

    ipfw add (firstrulenumber) fwd 127.0.0.1,3128 tcp from any to any 80 in via (oif)

That rule forwards all incoming requests to the squid running on the localhost.

If you are stuck with only one box, do this in the rules:

    ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via IIF
    ipfw add fwd (router for the http) tcp from any to any 80 out via OIF

Any suggestions, improvements or shoot me downs are welcome.

Leon
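The rule sets above written out as a small sh script, added here as an example and not the poster's own configuration: it builds the Box A, Box B and single-box rule lists, refuses to load a Box A set whose fwd rule would sort before the natd divert, and can print the ipfw commands instead of running them. Interface names, addresses and rule numbers are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw rule sets for the two-box
# squid setup. Every interface, address and rule number below is a constructed
# placeholder; adjust to the real boxes before loading.
IIF=fxp0            # Box A, LAN side
OIF=fxp1            # Box A, side shared with Box B and router C
BOXB=192.168.1.2    # Box B's address on the OIF network
BOXB_IF=fxp0        # Box B's only NIC
SQUID=127.0.0.1,3128
ROUTER_D=192.168.1.254  # second internet router, single-box variant only
NATD_RULE=100       # rc.firewall-style natd divert on Box A
FWD_RULE=110        # must sort after NATD_RULE so fwd runs after natd

# Box A: natd first, then hand every outbound port-80 connection to Box B.
# The fwd action needs a kernel built with 'options IPFIREWALL_FORWARD'.
box_a_rules() {
    printf '%s\n' \
        "add $NATD_RULE divert natd all from any to any via $OIF" \
        "add $FWD_RULE fwd $BOXB tcp from any to any 80 out via $OIF"
}

# Box B: the very first rule pushes the diverted port-80 traffic into squid;
# only traffic arriving on the shared NIC is touched, so nothing else is proxied.
box_b_rules() {
    printf '%s\n' \
        "add 100 fwd $SQUID tcp from any to any 80 in via $BOXB_IF"
}

# Single-box variant: proxy locally, then steer squid's own outbound
# port-80 traffic to the second router.
one_box_rules() {
    printf '%s\n' \
        "add 100 fwd $SQUID tcp from any to any 80 in via $IIF" \
        "add 110 fwd $ROUTER_D tcp from any to any 80 out via $OIF"
}

# True only when the fwd rule really comes after the natd divert.
check_order() { [ "$FWD_RULE" -gt "$NATD_RULE" ]; }

# load_rules <rule-function>: feed each line to ipfw.
# Set IPFW="echo ipfw" to print the commands instead of loading them.
load_rules() {
    check_order || { echo "fwd rule must come after natd" >&2; return 1; }
    "$1" | while read -r rule; do ${IPFW:-ipfw} $rule; done
}

# Dry run: show what would be loaded on Box A without touching the firewall.
IPFW="echo ipfw" load_rules box_a_rules
```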