From: eculp@bafirst.com
To: freebsd-net@freebsd.org
Date: Mon, 20 Jun 2005 12:32:48 -0500
Subject: Re: transparent Squid 2.5Stable10 + FreeBSD 5.3
In-Reply-To: <50401020510511701@webmail.iastate.edu>
Message-ID: <20050620123248.8ae79mn1vwo4sw4w@mail.bafirst.com>

Quoting Ryan Rathje:

> Here's my FreeBSD setup
>
> Nic1 -> outside (123.456.789.10)
> Nic2 -> internal (192.168.1.2)
>
> Here's my client Win2k setup
>
> IP: 192.168.1.5
> MASK: 255.255.255.0
> GW: 192.168.1.2
>
> -------------------------------------
>
> I have FreeBSD 5.3 installed with the modified kernel options
>
> options IPFILTER
> options IPFILTER_LOG
> options NMBCLUSTERS=32768
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> in a machine with 2 NICs (NIC1 -> outside work; NIC2 -> internal network
> (192.168.1.2)). I configured Squid with the ARG --enable-ipf-transparent, and
> this is what my options (/var/db/ports/squid/) file looks like for
> configuring Squid:
>
> # This file is auto-generated by 'make config'.
> # No user-servicable parts inside!
> # Options for squid-2.5.10_1
> _OPTIONS_READ=squid-2.5.10_1
> WITHOUT_SQUID_LDAP_AUTH=true
> WITHOUT_SQUID_DELAY_POOLS=true
> WITHOUT_SQUID_SNMP=true
> WITHOUT_SQUID_CARP=true
> WITHOUT_SQUID_SSL=true
> WITH_SQUID_PINGER=true
> WITHOUT_SQUID_DNS_HELPER=true
> WITHOUT_SQUID_HTCP=true
> WITHOUT_SQUID_VIA_DB=true
> WITHOUT_SQUID_CACHE_DIGESTS=true
> WITH_SQUID_WCCP=true
> WITH_SQUID_UNDERSCORES=true
> WITH_SQUID_CHECK_HOSTNAME=true
> WITHOUT_SQUID_STRICT_HTTP=true
> WITH_SQUID_IDENT=true
> WITHOUT_SQUID_USERAGENT_LOG=true
> WITHOUT_SQUID_ARP_ACL=true
> WITHOUT_SQUID_PF=true
> WITH_SQUID_IPFILTER=true
> WITH_SQUID_FOLLOW_XFF=true
> WITHOUT_SQUID_AUFS=true
> WITHOUT_SQUID_COSS=true
> WITHOUT_SQUID_LARGEFILE=true
> WITHOUT_SQUID_STACKTRACES=true
> WITH_SQUID_RCNG=true
>
> In the squid.conf file I've made (what I think) are the appropriate changes:
>
> http_port 3128
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> and lastly, this is what my rc.conf looks like:
>
> hostname="Gohan"
>
> squid_enable="YES"
>
> firewall_enable="YES"
> firewall_type="open"
> firewall_quiet="NO"
> firewall_logging="YES"
>
> # IPFILTER enabled
> ipfilter_enable="YES"
> ipfilter_program="/sbin/ipf"
> ipfilter_rules="/etc/ipf.rules"
> ipfilter_flags=""
>
> ipfw add allow all from any to 192.168.1.2 80
> ipfw add fwd 192.168.1.2 tcp from any to 192.168.1.2 3128
> ipfw add fwd 192.168.1.2,3128 tcp from any to any 80,82,3128 out recv 192.168.1.2 xmit 129.186.215.57

At one time I did that with IPFW; I have found pf much easier to set up.
Take a look at http://www.benzedrine.cx/transquid.html if you are interested.

ed
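The pf route the reply recommends, written out as an added example that is not from the thread or from the linked page: a pf.conf for the two-NIC box quoted above that redirects only the LAN's port-80 traffic to the local Squid and denies everything else by default. It assumes the interface names fxp0/fxp1, that Squid is built with the port's WITH_SQUID_PF option (the quoted options file has WITHOUT_SQUID_PF=true and only IPFilter support) and is allowed to open /dev/pf to look up original destinations, and that the quoted squid.conf lines stay as they are.

```pf
# Added example, not from the thread or from transquid.html: pf.conf that
# redirects web traffic from the inner LAN to Squid on the same box.
# Interface names are assumptions; the addresses are the ones quoted above.
ext_if  = "fxp0"              # Nic1, outside (assumed name)
int_if  = "fxp1"              # Nic2, 192.168.1.2 (assumed name)
int_net = "192.168.1.0/24"

# Translation: NAT the LAN's non-web traffic, then redirect port 80 that
# arrives on the inside interface only (never on $ext_if) to Squid's
# http_port 3128 on the loopback address.
nat on $ext_if inet from $int_net to any -> ($ext_if)
rdr on $int_if inet proto tcp from $int_net to any port 80 -> 127.0.0.1 port 3128

# Filtering: default deny instead of the "open" ruleset in the quoted
# rc.conf, so port 3128 is never reachable from the outside.
block all
pass quick on lo0 all

# After rdr the packets are addressed to 127.0.0.1:3128; this rule is what
# actually lets them reach Squid.
pass in on $int_if inet proto tcp from $int_net to 127.0.0.1 port 3128 keep state
# Everything else from the LAN (DNS, mail, ...) goes out through the NAT rule.
pass in on $int_if inet from $int_net to any keep state
# Squid's own outbound fetches and the NATed LAN traffic leave via Nic1.
pass out on $ext_if inet all keep state
```

Load it with `pfctl -f /etc/pf.conf` and confirm the redirection is live with `pfctl -s nat`; with pf in place the quoted ipfw fwd rules and IPFILTER entries are no longer needed.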