From owner-freebsd-questions@FreeBSD.ORG Mon Nov 19 15:33:05 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2AFC116A418 for ; Mon, 19 Nov 2007 15:33:05 +0000 (UTC) (envelope-from sat@cenkes.org) Received: from heka.cenkes.org (heka.cenkes.org [208.79.80.110]) by mx1.freebsd.org (Postfix) with ESMTP id 0C45613C46E for ; Mon, 19 Nov 2007 15:33:04 +0000 (UTC) (envelope-from sat@cenkes.org) Received: from amilo.cenkes.org (ppp85-141-134-127.pppoe.mtu-net.ru [85.141.134.127]) (Authenticated sender: sat) by heka.cenkes.org (Postfix) with ESMTP id D0DDE242F833; Mon, 19 Nov 2007 18:32:55 +0300 (MSK) Date: Mon, 19 Nov 2007 18:32:53 +0300 From: Andrew Pantyukhin To: Steve Bertrand Message-ID: <20071119153252.GF57722@amilo.cenkes.org> References: <473DD804.1020502@ibctech.ca> <20071118151716.GA57722@amilo.cenkes.org> <4741968A.3010009@ibctech.ca> <20071119145205.GE57722@amilo.cenkes.org> <4741A773.8010101@ibctech.ca> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4741A773.8010101@ibctech.ca> X-OS: FreeBSD 8.0-CURRENT amd64 User-Agent: Mutt/1.5.16 (2007-06-09) Cc: freebsd-questions@freebsd.org Subject: Re: FreeBSD router and WCCP X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: infofarmer@FreeBSD.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Nov 2007 15:33:05 -0000 On Mon, Nov 19, 2007 at 10:10:43AM -0500, Steve Bertrand wrote: > > > ipfw forwarding is a very easy way to redirect traffic without > > changing it. PF has similar functionality. It all depends on what > > the appliance supports. If wccp is the only way it can eat > > packets, try playing with gre(4). But maybe it'll consume just > > plain packets with "wrong" IP destinations arriving on its MAC > > address, just the way squid on FreeBSD does. > > > > BTW, if the appliance supports ICAP, you'll be much better off > > running squid on a FreeBSD box and filtering content through > > ICAP. > > The appliance does indeed have ICAP capabilities, but I have never > dabbled with it before. > > I am familiar with IPFW, but I'd like to know all options in order to > choose the best one. > > I would very much prefer to do this in a way without having to have > Squid running on the box, but will if I have to. If filtering is all you want, you don't have to set up squid as a caching proxy. I.e. it won't need much RAM and disk space. I have yet to set up ICAP (with c-icap) in our workshop, but from discussions on squid mailing lists it seems ICAP is in a pretty usable state, both in squid 2.x and 3.x.