Date: Mon, 20 Jun 2005 12:32:48 -0500
From: eculp@bafirst.com
To: freebsd-net@freebsd.org
Subject: Re: transparent Squid 2.5Stable10 + FreeBSD 5.3
Message-ID: <20050620123248.8ae79mn1vwo4sw4w@mail.bafirst.com>
In-Reply-To: <50401020510511701@webmail.iastate.edu>
References: <50401020510511701@webmail.iastate.edu>

Quoting Ryan Rathje <mrsharky@iastate.edu>:

> Here's my FreeBSD setup
>
> Nic1 -> outside (123.456.789.10)
> Nic2 -> internal (192.168.1.2)
>
> Here's my client Win2k setup
>
> IP: 192.168.1.5
> MASK: 255.255.255.0
> GW: 192.168.1.2
>
> -------------------------------------
>
> I have FreeBSD 5.3 installed with the modified kernel options
>
> options IPFILTER
> options IPFILTER_LOG
> options NMBCLUSTERS=32768
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> in a machine with 2 NICS ( NIC1 -> outside work; NIC2 -> internal network
> (192.168.1.2). I configured Squid with the ARG --enable-ipf-transparent, and
> this is what my options (/var/db/ports/squid/) file looks like for
> configuring Squid:
>
> # This file is auto-generated by 'make config'.
> # No user-servicable parts inside!
> # Options for squid-2.5.10_1
> _OPTIONS_READ=squid-2.5.10_1
> WITHOUT_SQUID_LDAP_AUTH=true
> WITHOUT_SQUID_DELAY_POOLS=true
> WITHOUT_SQUID_SNMP=true
> WITHOUT_SQUID_CARP=true
> WITHOUT_SQUID_SSL=true
> WITH_SQUID_PINGER=true
> WITHOUT_SQUID_DNS_HELPER=true
> WITHOUT_SQUID_HTCP=true
> WITHOUT_SQUID_VIA_DB=true
> WITHOUT_SQUID_CACHE_DIGESTS=true
> WITH_SQUID_WCCP=true
> WITH_SQUID_UNDERSCORES=true
> WITH_SQUID_CHECK_HOSTNAME=true
> WITHOUT_SQUID_STRICT_HTTP=true
> WITH_SQUID_IDENT=true
> WITHOUT_SQUID_USERAGENT_LOG=true
> WITHOUT_SQUID_ARP_ACL=true
> WITHOUT_SQUID_PF=true
> WITH_SQUID_IPFILTER=true
> WITH_SQUID_FOLLOW_XFF=true
> WITHOUT_SQUID_AUFS=true
> WITHOUT_SQUID_COSS=true
> WITHOUT_SQUID_LARGEFILE=true
> WITHOUT_SQUID_STACKTRACES=true
> WITH_SQUID_RCNG=true
>
> In the squid.conf file I've made (what I think) are the appropriate changes:
>
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> and lastly, this is what my rc.conf looks like:
>
> hostname="Gohan"
>
> squid_enable="YES"
>
> firewall_enable="YES"
> firewall_type="open"
> firewall_quiet="NO"
> firewall_logging="YES"
>
> # IPFILTER enabled
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags=""
>
> ipfw add allow all from any to 192.168.1.2 80
> ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
> ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv
> 192.168.1.2 xmit 129.186.215.57
>

At one time I did that with IPFW; I have found pf much easier to set up.
Take a look at http://www.benzedrine.cx/transquid.html if you are interested.

ed