Date: Mon, 4 Oct 1999 20:44:55 -0500 (CDT)
From: Wm Brian McCane <root@bmccane.maxbaud.net>
To: freebsd-isp@FreeBSD.ORG
Subject: Re: Transparent Proxying
Message-ID: <Pine.BSF.3.96.991004203442.16091C-100000@bmccane.maxbaud.net>
In-Reply-To: <Pine.BSF.3.95.991004172808.7703L-100000@current1.whistle.com>
On Mon, 4 Oct 1999, Julian Elischer wrote:

>
> On Sat, 2 Oct 1999, Wm Brian McCane wrote:
>
> > Okay, I went through the ISP mailing list on www.freebsd.org and didn't
> > find the answer to this question. I kept getting the impression that it
> > is so obvious I shouldn't need any help, but anyway:
> >
> >     I have 2 boxes that allow dialin connected to my intranet.
> >     I have 1 box which is multihomed
> >         a) one side on my intranet
> >         b) other side on an ADSL line with static IP
> >     The multihomed box gateways my ADSL side into my intranet
> >     It is also running SQUID-22
> >
> >     I want my dialin lines to be transparently proxied by the
> > multihomed box. I have added the following rule to ipfw:
> >
>
> > ipfw add 216 fwd 1.2.3.4,3128 tcp from 1.2.3.216 to any 80
>
> is 1.2.3.4 the local machine?
> and why not use 127.0.0.1
> which machine is 1.2.3.216?

1.2.3.4 is squid server (not its real number of course)
1.2.3.216 is modem1 on dialin1
1.2.3.197 is dialin1 (not listed above, but it is where I put the rule)

I changed the rule to:

    ipfw add 216 fwd 1.2.3.197,3128 tcp from 1.2.3.216 to any 80

and now I am getting redirects to the 3128 port on dialin1. I put a copy
of squid there and suddenly I get a proxy. This is not what I wanted
though because this would require 3 proxy servers (1 on each dialin and 1
on the multihomed box). Plus, the servers on the dialins will try to
directly download any ICP_MISS's that they receive from the multi-homed
box. If someone knows how to configure Squid to force a parent to do the
fetch, I would be a lot closer to a usable solution at least.

> >
> > The squid cache never shows the inbound connection. Have I missed
> > something obvious?

More detail is needed here. When I say:

    $ telnet ftp.freebsd.org 80

I should connect to 1.2.3.4:3128 I think. Instead, I hook directly to
ftp.freebsd.org:80 just like I would without the rule. When I made the
change to the rule as mentioned above, I got "Connection refused..."
until I brought up a squid server on the dialin1 machine.

>
> You may need to turn on an option on squid too.
>
> I did it once, but I forget what it was.
> (At one stage you needed to actually patch squid but that is no longer
> true).
>
> The Linux squid howtos give the details...

From what I have read, these changes have to do with using the FQDN of
the machine that a file was transferred from instead of using that
machine's IP address when putting a copy of a file into the cache. This is
the least of my worries at present. I will need to use (at least) the
virtual setting later on.

> >
> >     brian
> >
> > +-----------------------------------+------------------------------------------+
> > He rides a cycle of mighty days, and \ Wm Brian and Lori McCane
> > represents the last great schizm among\ McCane Consulting
> > the gods. Evil though he obviously is, \ root@bmccane.maxbaud.net
> > he is a mighty figure, this father of   \ http://bmccane.maxbaud.net/
> > my spirit, and I respect him as the sons \ http://bmccane.maxbaud.net/~pictures/
> > of old did the fathers of their bodies.   \ http://bmccane.maxbaud.net/~bmccane/
> > Roger Zelazny - "Lord of Light"            \
> > +-------------------------------------------+----------------------------------+
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
>