From: "Hugh Blandford"
To: "apellido jr., wilfredo p"
cc: freebsd-isp@FreeBSD.ORG
Date: Thu, 19 Jun 2003 12:07:49 +1000
Subject: Re: Tranparent Proxy
Message-ID: <005301c33607$960b4da0$7bdea8c0@island.net.au>
References: <20030618132211.91795.qmail@web40402.mail.yahoo.com>

Hi,

I had a bit of sweat and tears over this but it turned out to be easy in the end.

To create the gre tunnels you will need to have:

    pseudo-device gre

in your kernel along with:

    options IPFIREWALL
    options IPFIREWALL_FORWARD

Assuming that your proxy server is 192.168.1.37 and the router's interface is 192.168.1.34, I set up the following entries in rc.local.

The main thing that caused me problems was that some GRE packets come from a loopback interface and some come from the LAN interface facing the proxy server.
This is why I had to create two GRE tunnels and two ipfw rules. Assume the loopback is 10.11.44.254. You can either run tcpdump to find out what GRE traffic is being sent to your proxy or alternatively you could find it being used by

    sh ip wccp
    Global WCCP information:
        Router information:
            Router Identifier: 10.11.44.254
            Protocol Version: 1.0

    ifconfig gre0 create
    ifconfig gre0 192.168.1.37 10.20.30.40 netmask 255.255.255.255 link1 tunnel 192.168.1.37 10.11.44.254 up
    ifconfig gre1 create
    ifconfig gre1 192.168.1.37 10.20.30.41 netmask 255.255.255.255 link1 tunnel 192.168.1.37 192.168.1.34 up

The 10.20.30.40 & 10.20.30.41 addresses are dummies to avoid problems with GRE endpoints being on the same network. Since the GRE traffic is just one way from the router to the proxy it doesn't matter what address you put in there.

Lastly I set up the following IP firewall rules (I have configured squid as per the FAQ Ch 17? and have squid listening on port 80):

    allow ip from 192.168.1.37 to any
    fwd 127.0.0.1 tcp from any to any 80 in recv gre0
    fwd 127.0.0.1 tcp from any to any 80 in recv gre1
    allow ip from any to any

Hope that helps, feel free to contact me if you need more help.

Hugh

----- Original Message -----
From: "apellido jr., wilfredo p"
Sent: Wednesday, June 18, 2003 11:22 PM
Subject: Tranparent Proxy

> Has anyone tried to configure transparent proxy using
> gre tunneling between CISCO router <---WCCP---> FreeBSD 4.8?
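
Added example, not part of Hugh's message or the quoted post: a shell script for the step in the reply where tcpdump is used to see which router addresses send GRE to the proxy, printing one gre tunnel and one fwd rule body per address in the layout the reply uses. The tcpdump lines are constructed sample data, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: list the router addresses that send GRE to the proxy and
# print one gre tunnel plus one ipfw fwd rule body per address.
PROXY=192.168.1.37   # proxy address from the post

# Constructed sample of `tcpdump -n ip proto 47` output, not a real capture.
# On a live box, pipe tcpdump into gre_sources instead.
sample_capture() {
cat <<'EOF'
12:07:49.100001 IP 10.11.44.254 > 192.168.1.37: GREv0, length 68: gre-proto-0x883e
12:07:49.100412 IP 192.168.1.34 > 192.168.1.37: GREv0, length 68: gre-proto-0x883e
12:07:49.230150 IP 10.11.44.254 > 192.168.1.37: GREv0, length 560: gre-proto-0x883e
12:07:50.000310 IP 192.168.1.20.513 > 192.168.1.37.22: Flags [.], length 0
EOF
}

# Distinct outer source addresses of GRE packets addressed to $1,
# in order of first appearance. Non-GRE lines are ignored.
gre_sources() {
    awk -v proxy="$1" '
        $2 == "IP" && $4 == ">" && $5 == (proxy ":") && $6 ~ /^GRE/ {
            if (!seen[$3]++) print $3
        }'
}

# One tunnel per source. 10.20.30.40, .41, ... are the dummy inner
# addresses from the post.
emit_config() {
    n=0
    while read -r src; do
        echo "ifconfig gre$n create"
        echo "ifconfig gre$n $PROXY 10.20.30.$((40 + n)) netmask 255.255.255.255 link1 tunnel $PROXY $src up"
        echo "fwd 127.0.0.1 tcp from any to any 80 in recv gre$n"
        n=$((n + 1))
    done
}

generate() { sample_capture | gre_sources "$PROXY" | emit_config; }
generate
```

Each distinct GRE source gets its own tunnel, so a router that sends from both its loopback and its LAN interface yields two tunnels and two fwd rules, as in the reply.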