From owner-freebsd-questions@FreeBSD.ORG Mon Aug 4 09:45:38 2003
Message-ID: <1060015537.e743e870853e2@mail.worldinternet.org>
Date: Mon, 4 Aug 2003 09:45:37 -0700
From: fbsdquestions@worldinternet.org
To: freebsd-questions@freebsd.org
References: <1060003482.e2623ffc060f8@mail.worldinternet.org> <20030804144724.GC7562@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <20030804144724.GC7562@happy-idiot-talk.infracaninophile.co.uk>
Subject: Re: ipfw - natd - squid - 3 Nic's - 1 FBSD 5.1 server and routing question

Quoting Matthew Seaman:

| On Mon, Aug 04, 2003 at 06:24:42AM -0700, fbsdquestions@worldinternet.org
| wrote:
| This sounds to me like a policy based routing problem -- googling for
| "policy based routing FreeBSD" in Google Groups should prove
| informative.
|
| However, the mechanism is basically the same as you've used to
| implement your transparent proxy. All you need to do is insert
| another rule to trap the port 80 traffic coming out of Squid and send
| the packets to the next-hop gateway on your rl2 interface. That
| presumably has its default route set via the cable network.
|
| Something like:
|
|     00500 fwd 10.24.207.254 tcp from me to any 80

Matthew,

Thanks, it seems to solve the problem.

|
| (assuming that 10.24.207.254 is the router address in the cable
| companies' network.) Since your Squid is already using a Cable
| Co. address as the source address on any outgoing packets this should
| cause all in- and out-going HTTP traffic to pass via the Cable
| Co. network.

Indeed they do.

Thanks again.

ed