Date:      Mon, 20 Apr 2009 13:05:27 -0400
From:      Steve Bertrand <steve@ibctech.ca>
To:        Adrian Chadd <adrian@freebsd.org>
Cc:        FreeBSD Net <freebsd-net@freebsd.org>
Subject:   Re: Route traffic on a gateway through SSH tunnel
Message-ID:  <49ECAB57.8000708@ibctech.ca>
In-Reply-To: <d763ac660904191616p499a5730odaa96cb8fbf18e9d@mail.gmail.com>
References:  <49EA4FBC.4040202@ibctech.ca> <d763ac660904191616p499a5730odaa96cb8fbf18e9d@mail.gmail.com>

Adrian Chadd wrote:
> G'day;
> 
> 2009/4/19 Steve Bertrand <steve@ibctech.ca>:
> 
>> I have a Squid proxy/content filter at my office that I would like to
>> route all 80/443 traffic from my home connection, through the proxy. The
>> proxy and the termination point of my home connection are located in two
>> different PoPs, within different ASs.
> 
> Eww. People still use Squid?

Hmmm... I'm trying to figure out what you are implying here. If Squid is
"eww", what do you recommend?

>> Does anyone have any suggestions or comments they can share regarding
>> such a setup?
> 
> Well, I'd first look at what you're doing with the "fwd" next-hop
> rewriting. All ipfw fwd does is next-hop rewriting with an optional
> redirect-to-local-socket-termination feature.
> 
> You need to redirect to a local squid or some other proxy which can do
> the DNS lookups as required (if required!) and bounce the request
> upstream.
> 
> I'd suggest setting up Squid on your local CPE to handle the "ipfw fwd
> any 127.0.0.1:3128" redirection (and use http_port 127.0.0.1:3128
> transparent in squid.conf) and then configure squid with a parent
> proxy (cache_peer, disable never_direct, etc) to talk exclusively to
> your upstream proxy(ies).

Thanks for the great feedback Adrian. I've done what you recommended,
and things work exactly as I originally desired, from PC through the
parent proxy.

The only thing that doesn't work properly is SSL proxying, but that's
something I can fiddle with.

BTW, I am using Squid as a backend to DansGuardian. Both reside on the
same box, at my office. The only user of this configuration is my home
connection.

Steve
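The gateway-side setup Adrian outlines (ipfw fwd into a loopback-bound Squid, which chains to the office proxy as its parent over the SSH tunnel from the subject line), written out as an added example that is not from either poster. It prints the ipfw rules and the squid.conf fragment for review rather than applying them; interface, LAN prefix, office hostname and ports are assumptions, and the `transparent` keyword is the Squid 2.6/3.0 spelling (3.1 and later call it `intercept`).

```shell
#!/bin/sh
# Added example: emits the pieces of the CPE-side config described in the thread.
# Every value below is an assumption/placeholder, not taken from the original posts.
LAN_IF="em1"                      # interface facing the home PCs (assumption)
LAN_NET="192.168.1.0/24"          # home LAN prefix (assumption)
LOCAL_SQUID_PORT="3128"           # local Squid, bound to loopback only
TUNNEL_PORT="3129"                # local end of the SSH tunnel (assumption)
OFFICE_PROXY="office.example.org" # placeholder: office proxy host
OFFICE_PROXY_PORT="8080"          # placeholder: port the office proxy listens on

# The SSH tunnel: the local Squid's parent is the tunnel's loopback end, so the
# hop between the two PoPs is encrypted and the office proxy is never exposed.
ssh_tunnel_cmd() {
    printf 'ssh -N -L %s:127.0.0.1:%s %s\n' \
        "$TUNNEL_PORT" "$OFFICE_PROXY_PORT" "$OFFICE_PROXY"
}

# ipfw fwd only rewrites the next hop; note the address,port separator is a comma.
# "in via $LAN_IF" limits interception to traffic arriving from the LAN, so the
# gateway's own (and Squid's own) outbound port-80 traffic is never looped back.
# Port 443 is deliberately not forwarded: a transparent http_port cannot
# terminate TLS it does not own, which is the SSL limitation noted above.
ipfw_rules() {
    printf 'ipfw add 1000 fwd 127.0.0.1,%s tcp from %s to any 80 in via %s\n' \
        "$LOCAL_SQUID_PORT" "$LAN_NET" "$LAN_IF"
    printf 'ipfw add 1010 allow tcp from %s to any 443 in via %s\n' \
        "$LAN_NET" "$LAN_IF"
}

# squid.conf fragment for the local Squid.
squid_conf() {
    cat <<EOF
# interception port bound to loopback only; never expose it on LAN or WAN
http_port 127.0.0.1:${LOCAL_SQUID_PORT} transparent
# only the home LAN may use this proxy
acl localnet src ${LAN_NET}
http_access allow localnet
http_access deny all
# parent = local end of the SSH tunnel; no ICP, and it is the default parent
cache_peer 127.0.0.1 parent ${TUNNEL_PORT} 0 no-query default
# force every request through the parent instead of going direct
never_direct allow all
EOF
}

ssh_tunnel_cmd
ipfw_rules
squid_conf
```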