From owner-freebsd-questions Sat Feb 15 14:40:15 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7847437B401 for ; Sat, 15 Feb 2003 14:40:13 -0800 (PST)
Received: from cecov.masternet.it (cecov.masternet.it [194.184.65.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6549543FBF for ; Sat, 15 Feb 2003 14:40:11 -0800 (PST) (envelope-from gmarco@scotty.masternet.it)
Received: from usul.scotty.masternet.it (freebsd.giovannelli.com [194.184.65.139]) by cecov.masternet.it (8.12.6/8.12.6) with ESMTP id h1FMgarN015345; Sat, 15 Feb 2003 23:42:37 +0100 (CET) (envelope-from gmarco@scotty.masternet.it)
Message-Id: <5.2.0.9.2.20030215233617.015fee50@194.184.65.7>
X-Sender: gmarco@194.184.65.7 (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Sat, 15 Feb 2003 23:41:00 +0100
To: 520023893678-0001@t-online.de (P. U. Kruppa), Dancho Penev
From: Gianmarco Giovannelli
Subject: Re: squid and ipfw ... fwd ...
Cc: freebsd-questions@FreeBSD.ORG
In-Reply-To: <20030214082241.Y681@small.pukruppa.de>
References: <20030213185051.GA536@earth.dpsca.bg> <20030213183028.S681@small.pukruppa.de> <20030213185051.GA536@earth.dpsca.bg>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 14/02/2003, P. U. Kruppa wrote:
>On Thu, 13 Feb 2003, Dancho Penev wrote:
>
> > On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote:
> > >Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET)
> > >From: 520023893678-0001@t-online.de (P. U. Kruppa)
> > >To: freebsd-questions@FreeBSD.ORG
> > >Subject: squid and ipfw ... fwd ...
> > >
> > >Hi!
> > >
> > >I am trying to set up a transparent proxy with Squid.

This should work, squid on port 3128 on the gateway of the intranet.
# Transparent Proxy -- ipfw (before divert rules)
....
# let the gateway's own outbound HTTP through before the fwd rule
${ipfwcmd} 0045 pass tcp from ${MY_EXTERNAL_IP} to any 80
# hand every other port-80 connection to the local squid
${ipfwcmd} 0049 fwd 127.0.0.1,3128 tcp from any to any 80

--> minimal squid.conf

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_dir null /tmp
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
ftp_user squid@
ftp_passive off
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl yournet src ${YOUR_NET_CLASS}
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# http_access takes ACL names, so refer to the "yournet" ACL defined above
http_access allow yournet
http_access deny all

Please let me know...

Best Regards,
Gianmarco Giovannelli , "Unix expert since yesterday"
http://www.gufi.org/~gmarco
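
A small checker for the acl/http_access section of a squid.conf like the one in the message above: it reports http_access lines that name an ACL never defined with an acl line, allow rules with no source restriction, and a rule list that does not end in "deny all". This is an added example, not part of the original message; the sample config is constructed, and the ACL names "lan" and "officenet" are hypothetical.

```python
# Constructed sample: a trimmed access section. "officenet" is deliberately
# left undefined to show the kind of mistake the checker reports.
SAMPLE = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80      # http
acl CONNECT method CONNECT
acl lan src 192.168.1.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow officenet
http_access deny all
"""

def check_http_access(conf):
    """Return a list of findings for the acl/http_access lines in conf."""
    acls, rules, findings = {}, [], []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        words = raw.split("#", 1)[0].split()        # drop trailing comments
        if len(words) >= 3 and words[0] == "acl":
            acls.setdefault(words[1], words[2])     # ACL name -> ACL type
        elif len(words) >= 3 and words[0] == "http_access":
            rules.append((lineno, words[1], words[2:]))
    for lineno, action, names in rules:
        unknown = [n for n in names if n.lstrip("!") not in acls]
        for name in unknown:
            findings.append(f"line {lineno}: undefined ACL '{name}'")
        if unknown or action != "allow":
            continue
        # Simplification: only a non-negated "src" ACL other than "all"
        # counts as restricting which clients may use the proxy.
        if not any(acls[n] == "src" and n != "all"
                   for n in names if not n.startswith("!")):
            findings.append(f"line {lineno}: allow rule has no src ACL")
    if not rules or rules[-1][1:] != ("deny", ["all"]):
        findings.append("last http_access rule is not 'deny all'")
    return findings

if __name__ == "__main__":
    for finding in check_http_access(SAMPLE):
        print(finding)
```
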