From: "soheil soheil"
To: darcy@wavefire.com, freebsd-net@freebsd.org
Subject: Re: Transparent Proxy
Date: Wed, 05 Mar 2003 11:19:27 +0000

I think if you add the following rule to the ipfw rules on 192.168.0.1 (the
squid-running host) you can have your proxy working.

skipto 510 tcp from 192.168.0.1 to any dst-port 80

>From: Darcy Buskermolen
>To: freebsd-net@freebsd.org
>Subject: Transparent Proxy
>Date: Tue, 25 Feb 2003 16:42:09 -0800
>
>(Promoted to -net due to lack of responses on -questions)
>
>I'm trying to deploy a transparent proxy server for a friend's office but have
>run into a couple of snags that I can't seem to find the correct answer for.
>Please see http://home2.dbitech.bc.ca:8080/netconfig.txt for graphical
>topology
>
>Note that I'm running IPFW2 on both BSD boxes.
>
>ipfw list output on 192.168.0.254:
>
>00001 skipto 50000 tcp from any 1023-65535 to me dst-port 22
>00040 skipto 50 tcp from 192.168.0.1 to any dst-port 80
>00048 fwd 192.168.0.1 tcp from 192.168.0.0/24 to any dst-port 80 out
>00999 divert 8669 ip from any to any via ed0
>65533 allow ip from any to any
>65535 deny ip from any to any
>
>ipfw list output on 192.168.0.1:
>
>00500 fwd 127.0.0.1,3128 ip from 192.168.0.0/16 to any dst-port 80 in
>65000 allow ip from any to any
>65535 deny ip from any to any
>
>When the Windows box (192.168.0.32) makes a web request it gets forwarded to
>the squid machine fine, and squid returns an "access denied" error message.
>Checking the cache.log on squid I see the reason is as follows:
>
>2003/02/20 04:19:47| WARNING: Forwarding loop detected for:
>GET / HTTP/1.0
>
>All the information I can find online regarding setting up transparent proxying
>for squid using ipfw shows squid running on the gateway host, or on a
>different network segment. Can anybody point me in the correct direction to
>tell me what it is that I'm missing?
>
>--
>Darcy Buskermolen
>Wavefire Technologies Corp.
>ph: 250.717.0200
>fx: 250.763.1759
>http://www.wavefire.com
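
Added example (not part of the original messages): a simplified Python model of ipfw's first-match evaluation, applied to the ruleset listed for 192.168.0.1, to show which packets the suggested skipto rule affects. The rule number 490 is an assumption, since the reply gives none; only source network, destination port and direction are modelled.

```python
# Added example: simplified first-match model of ipfw rule evaluation.
# Models only source network, destination port and direction (in/out).
import ipaddress

# Ruleset from "ipfw list" on 192.168.0.1 in the quoted message.
SQUID_HOST = [
    (500, "fwd 127.0.0.1,3128", {"src": "192.168.0.0/16", "dport": 80, "dir": "in"}),
    (65000, "allow", {}),
    (65535, "deny", {}),
]
# Rule suggested in the reply. The number 490 is an assumption: the reply
# gives none, and the rule must sort before 500 to have any effect.
SUGGESTED = (490, "skipto 510", {"src": "192.168.0.1/32", "dport": 80})

def matches(cond, pkt):
    """True if the packet satisfies every condition present on the rule."""
    if "src" in cond:
        net = ipaddress.ip_network(cond["src"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if "dport" in cond and pkt["dport"] != cond["dport"]:
        return False
    if "dir" in cond and pkt["dir"] != cond["dir"]:
        return False
    return True

def trace(ruleset, pkt):
    """Return [(rule number, action), ...] for each rule the packet hits."""
    hits, resume_at = [], 0
    for num, action, cond in sorted(ruleset, key=lambda r: r[0]):
        if num < resume_at or not matches(cond, pkt):
            continue
        hits.append((num, action))
        if action.startswith("skipto"):
            resume_at = int(action.split()[1])  # continue at first rule >= target
        else:
            break  # fwd, allow and deny end the search
    return hits

# Constructed sample packets (addresses taken from the thread).
client_in = {"src": "192.168.0.32", "dport": 80, "dir": "in"}
proxy_out = {"src": "192.168.0.1", "dport": 80, "dir": "out"}
proxy_in = {"src": "192.168.0.1", "dport": 80, "dir": "in"}  # own request arriving back

if __name__ == "__main__":
    for name, pkt in [("client_in", client_in), ("proxy_out", proxy_out), ("proxy_in", proxy_in)]:
        print(name, trace(SQUID_HOST, pkt), trace(SQUID_HOST + [SUGGESTED], pkt))
```

In this model the suggested rule changes the outcome only for inbound packets sourced from 192.168.0.1, which rule 00500 would otherwise forward to 127.0.0.1,3128.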