From: Steve Bertrand
Date: Mon, 19 Nov 2007 10:10:43 -0500
To: infofarmer@FreeBSD.org
Cc: freebsd-questions@freebsd.org
Subject: Re: FreeBSD router and WCCP

> ipfw forwarding is a very easy way to redirect traffic without
> changing it. PF has similar functionality. It all depends on what
> the appliance supports. If wccp is the only way it can eat
> packets, try playing with gre(4). But maybe it'll consume just
> plain packets with "wrong" IP destinations arriving on its MAC
> address, just the way squid on FreeBSD does.
>
> BTW, if the appliance supports ICAP, you'll be much better off
> running squid on a FreeBSD box and filtering content through
> ICAP.

The appliance does indeed have ICAP capabilities, but I have never
dabbled with it before. I am familiar with IPFW, but I'd like to know
all options in order to choose the best one.

I would very much prefer to do this in a way without having to have
Squid running on the box, but will if I have to.

>> The filter will not be inline, and it will be an opt-in type service, so
>> only certain traffic will need to be redirected.
>
> You'll be able to use ipfw or pf to tune the policies to a very
> fine degree.

Thanks for your help!

Steve