Date: Tue, 25 Apr 2000 13:07:44 -0500 (CDT)
From: Chris Dillon <cdillon@wolves.k12.mo.us>
To: Dan Larsson <dl@tyfon.net>
Cc: "[FreeBSD-Questions-List] (E-mail)" <freebsd-questions@FreeBSD.ORG>
Subject: Re: www and squid on same machine
Message-ID: <Pine.BSF.4.20.0004251257570.9672-100000@mail.wolves.k12.mo.us>
In-Reply-To: <000101bfaedc$57f315d0$1401a8c0@intranet.tyfon.net>

On Tue, 25 Apr 2000, Dan Larsson wrote:

> I'm currently running a transparent cache on a
> FreeBSD machine. The machine is connected via two
> network interface cards, one to the internet and one
> to the local lan.
>
> squid is bound to 127.0.0.1 and listens on port 8080
> apache is bound to 127.0.0.1 and listens on port 81
>
> These are the firewall rules I use to hijack http:
> ipfw add 100 pass tcp from INTERNET_IP_ADDRESS to any
> ipfw add 110 fwd 127.0.0.1,8080 tcp from any to any 80
>
> What do I need to do to serve http on the outside interface without
> allowing everyone access to the squid cache?

Bind Apache to the outside interface instead of 127.0.0.1 and then add
this rule:

ipfw add 115 pass tcp from any to ${OUTSIDE_INTERFACE} 80

This will allow traffic to the outside interface port 80 before it
gets checked by the next rule where it would have normally been
redirected to squid. As for not allowing external access to Squid, as
you have it configured now, nobody can ever have external access to
the Squid proxy except through any fwd rules you set up.

-- 
Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
FreeBSD: The fastest and most stable server OS on the planet.
For Intel x86 and Alpha architectures. ( http://www.freebsd.org )
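
Added example, not part of the original message: a small Python model of how ipfw walks the three rules in this thread, in ascending rule-number order and stopping at the first matching pass or fwd rule, so it shows which rule an inbound web request hits depending on whether the pass rule is numbered below or above rule 110. The addresses are constructed documentation values and the helper names are hypothetical.

```python
# Minimal model of ipfw evaluation: rules are checked in ascending rule-number
# order and the first matching pass/fwd rule ends the search.
# All addresses below are constructed documentation values, not from the thread.
OUTSIDE_IP = "203.0.113.10"  # stands in for INTERNET_IP_ADDRESS / ${OUTSIDE_INTERFACE}
ANY = None


def rule(num, action, src=ANY, dst=ANY, dport=ANY):
    return {"num": num, "action": action, "src": src, "dst": dst, "dport": dport}


def matches(r, pkt):
    return all(r[k] is ANY or r[k] == pkt[k] for k in ("src", "dst", "dport"))


def evaluate(rules, pkt):
    """Return (rule number, action) of the first rule that matches the packet."""
    for r in sorted(rules, key=lambda r: r["num"]):
        if matches(r, pkt):
            return r["num"], r["action"]
    return 65535, "default"  # ipfw's built-in final rule


def ruleset(pass_rule_number):
    """The thread's rules, with the Apache pass rule at a chosen number."""
    return [
        rule(100, "pass", src=OUTSIDE_IP),
        rule(110, "fwd 127.0.0.1,8080", dport=80),
        rule(pass_rule_number, "pass", dst=OUTSIDE_IP, dport=80),
    ]


# Constructed sample packets (TCP is assumed throughout).
PACKETS = {
    "inbound_web": {"src": "198.51.100.7", "dst": OUTSIDE_IP, "dport": 80},
    "lan_browse": {"src": "192.168.1.20", "dst": "192.0.2.80", "dport": 80},
    "squid_fetch": {"src": OUTSIDE_IP, "dst": "192.0.2.80", "dport": 80},
}


def report(pass_rule_number):
    rules = ruleset(pass_rule_number)
    return {name: evaluate(rules, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for number in (105, 115):
        print(number, report(number))
```

On a live system, `ipfw show` lists per-rule packet counters, which confirms which rule actually matched the traffic.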