Date: Mon, 21 Aug 2000 18:24:49 -0400
From: "MANAS Mail Administrator" <postbox@manas.kg>
To: <freebsd-questions@FreeBSD.ORG>
Subject: please help me with ipfw and transparent proxy
Message-ID: <001801c00bbe$a0cf8420$076c2ad4@manas.kg>
[-- Attachment #1 --]

Good day!

Could you please tell me where the mistake is in the transparent proxy configuration?
I have squid working on port 3128. I would like to set up a transparent proxy.

So, my squid.conf configuration is:

    http_port 3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

My ipfw rules are (ipfw show):

    00100  17205  10373558 allow ip from any to any via lo0
    00200      0         0 deny ip from any to 127.0.0.0/8
    00300      0         0 allow ip from xxx.xxx.xxx.xxx to aaa.aaa.aaa.aaa/24
    00400      0         0 allow ip from aaa.aaa.aaa.aaa/24 to xxx.xxx.xxx.xxx
    00500 428420 176180909 allow tcp from any to any established
    00600      0         0 allow tcp from any to xxx.xxx.xxx.xxx 25 setup
    00700   6292    276848 allow tcp from xxx.xxx.xxx.xxx to any setup
    00800  17036    806604 allow tcp from any to any setup
    00900   1235    243497 allow udp from any 53 to xxx.xxx.xxx.xxx
    01000   1328     83719 allow udp from xxx.xxx.xxx.xxx to any 53
    01100      0         0 allow udp from any 123 to xxx.xxx.xxx.xxx
    01200      0         0 allow udp from xxx.xxx.xxx.xxx to any 123
    65535 114488  38920560 allow ip from any to any

xxx.xxx.xxx.xxx - is the router's IP.
aaa.aaa.aaa.aaa - LAN

So, I would like to forward all port 80 packets to squid (3128).

Using the Squid-FAQ:

    ipfw add 49 allow tcp from xxx.xxx.xxx.xxx to any
    ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

After that I have troubles:

1) This configuration works fine for 3-4 minutes, then I could not reach my local website - it says Access Denied.
2) 1-2 minutes after 1), I do not have any Internet connection at all - there are no squid errors - the browser just tries to reach any website with no success.

I do not understand where the mistake is. It looks like some kind of overflow, but where is it?

I use FreeBSD 3.4 Release, Squid 2.2Stable5.

Thank you very much.
