From: 520023893678-0001@t-online.de (P. U. Kruppa)
To: Dancho Penev
Cc: "P. U. Kruppa" <520023893678-0001@t-online.de>
Date: Fri, 14 Feb 2003 08:38:34 +0100 (CET)
Subject: Re: squid and ipfw ... fwd ...
Message-ID: <20030214082241.Y681@small.pukruppa.de>
In-Reply-To: <20030213185051.GA536@earth.dpsca.bg>
References: <20030213183028.S681@small.pukruppa.de> <20030213185051.GA536@earth.dpsca.bg>

On Thu, 13 Feb 2003, Dancho Penev wrote:

> On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote:
> >Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET)
> >From: 520023893678-0001@t-online.de (P. U. Kruppa)
> >To: freebsd-questions@FreeBSD.ORG
> >Subject: squid and ipfw ... fwd ...
> >
> >Hi!
> >
> >I am trying to set up a transparent proxy with Squid.
> >
> >Proxying and caching itself works fine (thanks to the help of
> >this list!) - my Squid is listening on port 80.
> >
> >I have got the ipfw kernel module running and seem to be able to
> >change all kinds of rules via ipfw or from bootup via some
> >firewall configuration file. As all kinds of manuals advise I do
> ># ipfw add 200 allow tcp from 192.168.10.1 to any
> >and still everything works fine. But when I try the next line
> ># ipfw add 300 fwd 127.0.0.1 tcp from any to any 80
> >I keep receiving access denied messages from squid.
>
> Put in squid config file something like this (change ip address and netmask):
>
> acl permitednet src 192.168.0.0/255.255.0.0
> http_access allow permitednet

I have got these. Squid works fine as long as I set up all
browsers to use 192.168.10.1's port 80.
But when they are set to automatic detection they don't use
Squid. The ipfw rule 300 should redirect all traffic to squid -
which it in fact does: The access denial message is produced by
Squid. But there everything ends.

Uli.

> Take a look at ACCESS CONTROLS section in squid.conf for more details.
> In fact if you keep above two ipfw rules transparent proxy will not work for
> 192.168.10.1.
>
> >
> >I found several emails about this problem in Google but no
> >solution.
> >
> >
> >What can be done now?
> >
> >Thanks for any ideas,
> >
> >Uli.
> >
> >*-----------------------------------*
> >* Peter Ulrich Kruppa               *
> >* - Wuppertal -                     *
> >* Germany                           *
> >*-----------------------------------*
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-questions" in the body of the message
>
> --
> Regards,
> Dancho Penev

*-----------------------------------*
* Peter Ulrich Kruppa               *
* - Wuppertal -                     *
* Germany                           *
*-----------------------------------*
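
The remark in the quoted reply that the transparent proxy will not apply to 192.168.10.1 follows from ipfw's first-match evaluation of rules in ascending number. As an added example (not part of the original messages), this Python code parses the two rules quoted in the thread and reports which one a TCP packet hits; the parser covers only this rule syntax, and every address other than 192.168.10.1 and 127.0.0.1 is constructed.

```python
import ipaddress

# The two rules quoted in the thread, as typed after "ipfw add".
RULES = [
    "200 allow tcp from 192.168.10.1 to any",
    "300 fwd 127.0.0.1 tcp from any to any 80",
]

def parse_rule(text):
    """Parse the small subset of ipfw syntax used in the thread."""
    tok = text.split()
    rule = {"num": int(tok[0]), "action": tok[1], "fwd_to": None}
    i = 2
    if rule["action"] == "fwd":          # fwd carries a next-hop address
        rule["fwd_to"] = tok[i]
        i += 1
    rule["proto"] = tok[i]
    if tok[i + 1] != "from" or tok[i + 3] != "to":
        raise ValueError("unsupported rule syntax: " + text)
    rule["src"], rule["dst"] = tok[i + 2], tok[i + 4]
    rule["dport"] = int(tok[i + 5]) if len(tok) > i + 5 else None
    return rule

def addr_matches(spec, addr):
    if spec == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def first_match(rules, proto, src, dst, dport):
    """Walk rules in ascending number; the first allow/fwd match ends the search."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if (r["proto"] == proto and addr_matches(r["src"], src)
                and addr_matches(r["dst"], dst) and r["dport"] in (None, dport)):
            return r
    return None  # would fall through to rules not shown in the thread

def decide(src, dst, dport, rules=RULES):
    r = first_match([parse_rule(t) for t in rules], "tcp", src, dst, dport)
    if r is None:
        return "no listed rule"
    return f"{r['num']} {r['action']}" + (f" {r['fwd_to']}" if r["fwd_to"] else "")

if __name__ == "__main__":
    # Constructed packets: only 192.168.10.1 comes from the thread.
    for src, dst, port in [("192.168.10.1", "203.0.113.5", 80),
                           ("192.168.10.7", "203.0.113.5", 80),
                           ("192.168.10.7", "203.0.113.5", 443)]:
        print(src, "->", f"{dst}:{port}", "=>", decide(src, dst, port))
```

Port-80 traffic from 192.168.10.1 is accepted by rule 200 before rule 300 is ever consulted, so it is never handed to the proxy, while port-80 traffic from any other source is forwarded to 127.0.0.1.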