From owner-freebsd-isp  Mon Dec 21 01:34:25 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA28321
          for freebsd-isp-outgoing; Mon, 21 Dec 1998 01:34:25 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from Guard.PolyNet.Lviv.UA (Guard.PolyNet.Lviv.UA [194.44.138.1])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id BAA28293
          for <freebsd-isp@FreeBSD.ORG>; Mon, 21 Dec 1998 01:34:05 -0800 (PST)
          (envelope-from pam@polynet.lviv.ua)
From: pam@polynet.lviv.ua
Received: (qmail 27912 invoked by alias); 21 Dec 1998 09:33:40 -0000
Received: (qmail 27904 invoked from network); 21 Dec 1998 09:33:39 -0000
Received: from postoffice.polynet.lviv.ua (194.44.138.1)
  by guard.polynet.lviv.ua with SMTP; 21 Dec 1998 09:33:39 -0000
Received: (qmail 14174 invoked by uid 1001); 21 Dec 1998 09:33:38 -0000
Date: 21 Dec 1998 11:33:38 +0200
Date: Mon, 21 Dec 1998 11:33:37 +0200 (EET)
X-Sender: pam@NetSurfer.lp.lviv.ua
To: Julian Elischer <julian@whistle.com>
cc: Steve Ames <steve@ns1.cioe.com>, freebsd-isp@FreeBSD.ORG
Subject: Re: Transparent Proxy: FBSD 3.0, Squid and NAT
In-Reply-To: <Pine.BSF.3.95.981217114615.2175B-100000@current1.whistle.com>
Message-ID: <Pine.BSF.4.02.9812211129410.11706-100000@NetSurfer.lp.lviv.ua>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 17 Dec 1998, Julian Elischer wrote:

> If you are using FreeBSD 3.0 then why not use the kernel's built-in
> transproxy support?

Can somebody post sample code for using that kernel-level transparent
proxy support? It seems to lack documentation on this feature :-( 

Do I have just to invoke getsockname() to get real destination IP/port or
what?

Thanks in advance.

> what machine is the proxy server running on? If on the gateway machine,
> then all you need is the firewall rule:
> 
> ipfw add 2 fwd 127.0.0.1,3128 tcp from any to 0.0.0.0/0 80 in recv ed1 out
> xmit ed0
> 
> where ed0 is your internet interface, and ed1 is your internal interface
> 3128 is the squid listenning port.
> 
> your kernel needs option IPFIREWALL_FORWARD

Adrian Pavlykevych 			email: 		<pam@polynet.lviv.ua>
System Administrator			phone/fax:	+380 (322) 742041
State University "Lvivska Polytechnica"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message