From: "Anwarul Mamun"
To: "Andrew Pantyukhin"
Cc: freebsd-isp@freebsd.org
Date: Wed, 12 Sep 2007 10:50:38 +0600
Subject: Re: Squid proxy 2.6 with FreeBSD 6.2

I am using two different servers. One is running under Linux and using iptables, from which I want to forward HTTP traffic to the FreeBSD box where I am running Squid proxy and want to make it run as a transparent proxy. The problem is that the FreeBSD box is not working as a transparent proxy in this scenario.
It seems that the Squid proxy server on the FreeBSD box doesn't see the packets forwarded to it through the Linux server. Any suggestions?

On 9/12/07, Andrew Pantyukhin wrote:
>
> On Tue, Sep 11, 2007 at 05:23:28PM +0600, Anwarul Mamun wrote:
> > Hi All!
> >
> > I have a Linux gateway server (using iptables on this) where my clients hit
> > first. I want to direct the HTTP traffic to the proxy server based on
> > FreeBSD (I mean transparent proxy). I am using FreeBSD 6.2 and Squid proxy
> > 2.6. I have directed the HTTP traffic from my Linux gateway server to the
> > proxy server on FreeBSD as below. But the transparent proxying does not
> > work. Is there anyone who has worked with transparent proxy issues on
> > FreeBSD 6.2 who may have a suggestion in this case?
> >
> > /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 80 -j DNAT --to 172.16.3.1:8080
> > /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 8080 -j DNAT --to 172.16.3.1:8080
>
> Assuming your squid config is right, you should stop modifying
> packets (with little knowledge of iptables, I think -j DNAT --to
> ... does that). If you manage to reroute unmodified packets to
> the FreeBSD box, you'll need something like this to set up its
> ipfw:
>
> $cmd add 100 fwd 127.0.0.1,3128\
>     proto tcp src-ip $lan_local not src-ip me not dst-ip me\
>     dst-port $http_ports
> $cmd add 200 allow via lo0
> $cmd add 500 deny dst-ip me dst-port 3128 not src-ip $lan_local
>
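
The approach suggested in the quoted reply, sketched end to end as an added example that is not part of either poster's message: the Linux gateway policy-routes port-80 traffic to the FreeBSD box without rewriting it, and the FreeBSD box applies the ipfw rules from the reply. Assumed here and not stated in the thread: 172.16.3.1 is directly reachable from the gateway, fwmark 1 and routing table 100 are unused, `$cmd` is `ipfw -q`, `$lan_local` is 192.168.40.0/24, `$http_ports` is 80, and Squid listens on 127.0.0.1:3128 in transparent mode.

```shell
#!/bin/sh
# Added example with constructed values; see the assumptions in the lead-in.
LAN="192.168.40.0/24"   # client network, taken from the post
PROXY="172.16.3.1"      # FreeBSD box, taken from the post
MARK=1                  # assumed unused fwmark
TABLE=100               # assumed unused routing table

# Print the Linux gateway commands. There is no DNAT here: the destination
# address stays intact and only the next hop of marked packets changes.
# The -s match also keeps the proxy's own outbound requests unmarked.
gateway_rules() {
    cat <<EOF
iptables -t mangle -A PREROUTING -s $LAN -p tcp --dport 80 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $PROXY table $TABLE
EOF
}

# Print the ipfw commands from the reply with its variables filled in.
# Rule 100 hands routed port-80 traffic to the local Squid, rule 500 keeps
# hosts outside the LAN from talking to the Squid port directly.
proxy_rules() {
    cmd="ipfw -q"
    cat <<EOF
$cmd add 100 fwd 127.0.0.1,3128 proto tcp src-ip $LAN not src-ip me not dst-ip me dst-port 80
$cmd add 200 allow via lo0
$cmd add 500 deny dst-ip me dst-port 3128 not src-ip $LAN
EOF
}

# With no argument this is a dry run that only prints both rule sets.
# Run as root with apply-gateway (Linux) or apply-proxy (FreeBSD) to execute.
case "${1:-print}" in
    apply-gateway) gateway_rules | sh -e ;;
    apply-proxy)   proxy_rules | sh -e ;;
    print)         gateway_rules; proxy_rules ;;
esac
```

On FreeBSD 6.2 the `fwd` action is only available when the kernel is built with `options IPFIREWALL_FORWARD`.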