Date: Tue, 15 Feb 2005 23:53:31 +0100 From: Daniel Hartmeier <daniel@benzedrine.cx> To: Jason Hunt <jhunt@niicommunications.com> Cc: freebsd-pf@freebsd.org Subject: Re: PF Squid Transparent Proxy Message-ID: <20050215225331.GR32350@insomnia.benzedrine.cx> In-Reply-To: <BE37D577.1C7C3%jhunt@niicommunications.com> References: <BE37D577.1C7C3%jhunt@niicommunications.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Feb 15, 2005 at 04:36:07PM -0600, Jason Hunt wrote: > Has anyone got squid to work transparently using pf firewall rules? I came > across some patch that support --enable-pf-transparent from 2002, but was > wondering if there was some work around. > > I understand that you can do this on an OpenBSD system (apparently there is > a port that does support --enable-pf-transparent), but was wondering about > support for FreeBSD. That code is only needed when you need squid to query original destination addresses from pf via ioctl (when squid and pf are running on the same host), for web servers that don't support HTTP 1.1 and the HTTP Host: header (which are getting fewer). The changes needed in squid were merged into the squid base distribution, they are enabled using the --enable-pf-transparent configure option. The FreeBSD 5.3 port enables that option when you run WITH_SQUID_PF=1 make in /usr/ports/www/squid. Some more details (which apply equally to pf under FreeBSD) can be found on http://www.benzedrine.cx/transquid.html Daniel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050215225331.GR32350>