Date: Wed, 18 Apr 2007 14:04:28 +0200
From: Volker <volker@vwsoft.com>
To: zen <zen@tk-pttuntex.com>
Cc: jonathan michaels <jlm@caamora.com.au>, freebsd-stable@freebsd.org
Subject: Re: Re: tproxy on freebsd
Message-ID: <4626094C.20207@vwsoft.com>
In-Reply-To: <462575D4.2010801@tk-pttuntex.com>
References: <46247471.9030503@tk-pttuntex.com> <200704172129.22275.sanya-spb@list.ru> <20070418095903.12432@caamora.com.au> <462575D4.2010801@tk-pttuntex.com>
On 12/23/-58 20:59, zen wrote:
>> i don't have a problem with this but i am going to be setting up a
>> similar setup and would appreciate the help a working setup would
>> provide.
>>
> any help will be appreciated, i could use a sample configuration file
> regarding this problem.

zen & others,

building a transparent proxy using pf + squid is an easy topic and well
documented on the net. In detail, it's going that way:

pf (assuming nve0 is your local IF):

rdr on nve0 from any to any port 80 -> 127.0.0.1 port 3128
pass in on nve0 from any to any port 80 keep state
pass in on nve0 from any to 127.0.0.1 port 3128 keep state

Now, compile squid with transparent support and use:
'http_port 3128 transparent' in your squid.conf (assuming you're running
squid >= 2.6).

I'm running several hosts with a setup like that.

Also you may want to check out www/havp and use it as a transparent
proxy + squid as upstream proxy. That way you also have virus protection
for your internal users while surfing the web (I'm also doing things
like that as I found it a better solution than squidclam or the like -
YMMV).

> FYI i already running transparent proxy with ipf+ipnat,:
>
> rdr nve0 0.0.0.0/0 port 80 -> 122.x.x.x port 3128 tcp
>
> but with that configuration, still the proxy ip address that visible
> when my client using the proxy.

Don't understand that sentence. What address is visible to whom? And
which address do you want to 'hide'? If you don't want to leak your
internal addresses to any outside webserver, this is a squid issue and
there should (?) be configuration options for squid.

> is it me or just i cant achieve that with FreeBSD?
> because i hate to switch to other OS only because of this.

No need to switch! :)

You may find tons of infos using google or in the ML archives pf@. Also
pf@ or isp@ would be the appropriate list for questions like that.

HTH,

Volker