Date: Wed, 29 Jun 2016 21:13:42 -0300
From: Thomas <thoms3rd@gmail.com>
To: Ataro <ataro@protonmail.ch>
Cc: "freebsd-ipfw@freebsd.org" <freebsd-ipfw@freebsd.org>
Subject: Re: force all the network traffic through a proxy server.
Message-ID: <20160630001342.GA7528@host>
In-Reply-To: <OapWx-F4grUVJS2yYX-NGQwKCuYOyoS6y_JiExUWt-orNPggc37yomNenjtjFXNGlgaXZXZO7SoRmhFULkKHnw==@protonmail.ch>
References: <OapWx-F4grUVJS2yYX-NGQwKCuYOyoS6y_JiExUWt-orNPggc37yomNenjtjFXNGlgaXZXZO7SoRmhFULkKHnw==@protonmail.ch>

Tue, Jun 28, 2016 at 01:48:30PM -0400, Ataro via freebsd-ipfw:
> Hi there,
>
> I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to
> redirect all the requests to the internet through a squid proxy server
> running on the same machine in port 3128 in intercept mode (also known as
> transparent proxy mode).
>
> The problem is that I need a way to identify the packets that originate
> from the squid server and let them pass out to the Internet but all other
> packets must go through the squid server.
>
> My IPFW rules look like the following:
> ipfw -f flush
> ipfw add 50 pass all from any to any via lo0
> ipfw add 100 pass all from any to any proto udp
> ipfw add 150 pass icmp from any to any
> ipfw add 200 fwd 127.0.0.1,3128 tag 1111 tcp from me to any
> ipfw add 250 pass all from 10.0.2.15 to any tagged 1111
>
> Unfortunately, the packets that originate from the squid server are
> redirected back to itself and I can't find a way to allow them to pass out.
>
> Does someone here have an idea?
>
> Regards,
>
> Ataro.

Hello,

Run the squid server as a separate user, and use the uid match pattern.

Cheers,
Thomás

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160630001342.GA7528>
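
The uid approach suggested in the reply above, written out as an added example; it is not part of the original messages. It assumes squid runs under a dedicated account named `squid` (the name, the rule numbers 200/300 and the helper function names are illustrative) and keeps the port and the other rules from the quoted ruleset.

```shell
#!/bin/sh
# Added example (not from the thread): exempt the proxy's own traffic by uid.
# Assumptions: squid runs under a dedicated account named "squid" and
# listens on 127.0.0.1:3128, as in the quoted rules.
PROXY_USER="${PROXY_USER:-squid}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Emit the ruleset, one ipfw command per line. ipfw stops at the first
# matching allow/fwd rule, so the uid exemption (200) must be numbered
# below the redirect (300); otherwise squid's own requests loop back.
build_rules() {
    cat <<EOF
ipfw -q -f flush
ipfw -q add 50 allow ip from any to any via lo0
ipfw -q add 100 allow udp from any to any
ipfw -q add 150 allow icmp from any to any
ipfw -q add 200 allow tcp from me to any uid ${PROXY_USER}
ipfw -q add 300 fwd 127.0.0.1,${PROXY_PORT} tcp from me to any
EOF
}

# Rule number of the first generated rule matching a pattern.
rule_no() {
    build_rules | awk -v pat="$1" '$0 ~ pat { print $4; exit }'
}

# True only when the exemption is evaluated before the redirect.
order_ok() {
    [ "$(rule_no ' uid ')" -lt "$(rule_no ' fwd ')" ]
}

# Load the rules; refuse if the account is missing or the order is wrong.
apply_rules() {
    id -u "$PROXY_USER" >/dev/null 2>&1 || { echo "no such user: $PROXY_USER" >&2; return 1; }
    order_ok || { echo "uid rule must precede fwd rule" >&2; return 1; }
    build_rules | sh
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to load them.
if [ "${APPLY:-0}" = 1 ]; then apply_rules; else build_rules; fi
```

Any process running under that account is exempt from the redirect, so the account should be used by squid and nothing else.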