Message-ID: <20020610220853.85660.qmail@web21407.mail.yahoo.com>
Date: Mon, 10 Jun 2002 15:08:53 -0700 (PDT)
From: Jason Bertolacci
Subject: IPFW forwarding and transparent proxy trouble
To: freebsd-questions@freebsd.org

Having read the Squid FAQ and other documentation I added the recommended config to a working proxy server (Squid 2.4 and FreeBSD 4.6RC) in an attempt to get transparent proxy working. The Squid machine works if the client's proxy options are manually configured in the client's browser but the transparent forwarding does not seem to be working. The long story goes...

After configuring and compiling with "--enable-ipf-transparent" I added to squid.conf...

    http_port 3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_uses_host_header on
    httpd_accel_with_proxy on

And the following to rc.firewall...

    [Cc][Aa][Cc][Hh][Ee])
        setup_loopback
        ${fwcmd} add pass all from any to any
        ${fwcmd} add fwd 127.0.0.1,3128 tcp from any to any 80
        ;;

The Squid machine receives traffic forwarded from the router but does not seem to deliver it to the proxy port. I don't see any packets incrementing on the ipfw add fwd rule -- is this normal?

    00400 14596 3099647 allow ip from any to any
    00500     0       0 fwd 127.0.0.1,3128 tcp from any to any 80

And if I connect via telnet to port 80 on the Squid server the connection is denied, while if I connect to 3128 I get an error from Squid. The ipfw forwarding does not seem to be working... it is enabled in the kernel:

    options IPFIREWALL          #firewall
    options IPFIREWALL_VERBOSE  #enable logging to syslogd(8)
    options IPFIREWALL_FORWARD  #enable transparent proxy support

Anyone have thoughts or suggestions?

Thanks.

jason
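
Added example, not part of the original post: ipfw stops at the first rule that matches a packet, so the listing above can be checked for rules that an earlier rule makes unreachable. The sketch models only "from any to any" rules with an optional destination port; the function names are hypothetical and the REORDERED ruleset (rule number 00300) is constructed for comparison.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# The two rules as they appear in the post's counter listing.
POSTED = """\
00400 14596 3099647 allow ip from any to any
00500 0 0 fwd 127.0.0.1,3128 tcp from any to any 80
"""
# Constructed variant: the fwd rule is numbered ahead of the catch-all.
REORDERED = """\
00300 0 0 fwd 127.0.0.1,3128 tcp from any to any 80
00400 0 0 allow ip from any to any
"""
RULE_RE = re.compile(
    r"^(\d+)\s+\d+\s+\d+\s+(allow|pass|deny|fwd \S+)\s+(\w+)"
    r" from any to any(?:\s+(\d+))?$")

@dataclass
class Rule:
    num: int
    action: str
    proto: str            # "ip" or "all" matches every protocol
    dport: Optional[int]  # None means any destination port

def parse_rules(text: str) -> List[Rule]:
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        num, action, proto, dport = m.groups()
        rules.append(Rule(int(num), action, proto, int(dport) if dport else None))
    return sorted(rules, key=lambda r: r.num)

def covers(early: Rule, late: Rule) -> bool:
    """True if every packet `late` matches is already matched by `early`."""
    return (early.proto in ("ip", "all", late.proto)
            and early.dport in (None, late.dport))

def first_match(rules: List[Rule], proto: str, dport: int) -> Optional[Rule]:
    """allow, deny and fwd all end the rule search at the first match."""
    probe = Rule(0, "probe", proto, dport)
    return next((r for r in rules if covers(r, probe)), None)

def shadowed(rules: List[Rule]) -> List[int]:
    """Numbers of rules that an earlier rule makes unreachable."""
    return [r.num for i, r in enumerate(rules)
            if any(covers(e, r) for e in rules[:i])]

if __name__ == "__main__":
    print(shadowed(parse_rules(POSTED)), shadowed(parse_rules(REORDERED)))
```
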