Date: Mon, 20 Apr 2009 13:05:27 -0400
From: Steve Bertrand <steve@ibctech.ca>
To: Adrian Chadd <adrian@freebsd.org>
Cc: FreeBSD Net <freebsd-net@freebsd.org>
Subject: Re: Route traffic on a gateway through SSH tunnel
Message-ID: <49ECAB57.8000708@ibctech.ca>
In-Reply-To: <d763ac660904191616p499a5730odaa96cb8fbf18e9d@mail.gmail.com>
References: <49EA4FBC.4040202@ibctech.ca> <d763ac660904191616p499a5730odaa96cb8fbf18e9d@mail.gmail.com>

Adrian Chadd wrote:
> G'day;
>
> 2009/4/19 Steve Bertrand <steve@ibctech.ca>:
>
>> I have a Squid proxy/content filter at my office that I would like to
>> route all 80/443 traffic from my home connection, through the proxy. The
>> proxy and the termination point of my home connection are located in two
>> different PoPs, within different ASs.
>
> Eww. People still use Squid?

hmmm... I'm trying to figure out what you are implying here. If Squid is
"eww", what do you recommend?

>> Does anyone have any suggestions or comments they can share regarding
>> such a setup?
>
> Well, i'd first look at what you're doing with the "fwd" next-hop
> rewriting. All ipfw fwd does is next-hop rewriting with an optional
> redirect-to-local-socket-termination feature.
>
> You need to redirect to a local squid or some other proxy which can do
> the DNS lookups as required (if required!) and bounce the request
> upstream.
>
> I'd suggest setting up Squid on your local CPE to handle the "ipfw fwd
> any 127.0.0.1:3128" redirection (and use http_port 127.0.0.1:3128
> transparent in squid.conf) and then configure squid with a parent
> proxy (cache_peer, disable never_direct, etc) to talk exclusively to
> your upstream proxy(ies).

Thanks for the great feedback Adrian.

I've done what you recommended, and things work exactly as I originally
desired, from PC through the parent proxy.

The only thing that doesn't work properly, is SSL proxying, but that's
something I can fiddle with.

BTW, I am using Squid as a backend to DansGuardian. Both reside on the
same box, at my office. The only user of this configuration is my home
connection.

Steve
