Date:      Tue, 11 Sep 2007 22:30:45 +0400
From:      Andrew Pantyukhin <infofarmer@FreeBSD.org>
To:        Anwarul Mamun <mamun@freebsdmovement.org>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Squid proxy 2.6 with FreeBSD 6.2
Message-ID:  <20070911183044.GC83726@amilo.cenkes.org>
In-Reply-To: <4857c35e0709110423w77c5217fs81a1f014d0a48adf@mail.gmail.com>
References:  <4857c35e0709110423w77c5217fs81a1f014d0a48adf@mail.gmail.com>

On Tue, Sep 11, 2007 at 05:23:28PM +0600, Anwarul Mamun wrote:
> Hi All!
> 
> I have a Linux gateway server (using iptables on this) where my clients hit
> first. I want to direct the HTTP traffic to the proxy server based on
> FreeBSD (I mean transparent proxy). I am using FreeBSD 6.2 and Squid proxy
> 2.6. I have directed the HTTP traffic from my Linux gateway server to the
> proxy server on FreeBSD as below. But the transparent proxying does not
> work. Has anyone worked with the issues on transparent proxy with
> FreeBSD 6.2 who may suggest something in this case?
> 
> 
> /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 80 -j DNAT --to 172.16.3.1:8080
> /sbin/iptables -t nat -A PREROUTING -s 192.168.40.0/24 -p tcp --dport 8080 -j DNAT --to 172.16.3.1:8080

Assuming your squid config is right, you should stop modifying
packets (with little knowledge of iptables, I think -j DNAT --to
... does that). If you manage to reroute unmodified packets to
the FreeBSD box, you'll need something like this to set up its
ipfw:

$cmd add 100 fwd 127.0.0.1,3128\
  proto tcp src-ip $lan_local not src-ip me not dst-ip me\
  dst-port $http_ports
$cmd add 200 allow via lo0
$cmd add 500 deny dst-ip me dst-port 3128 not src-ip $lan_local
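
A first-match model of the three ipfw rules above, as an added example that is not part of the original message: it shows that rule 100 only picks up packets whose destination is still the original web server, so a packet already rewritten by the DNAT rules in the question never reaches the fwd action. The values used for $lan_local, $http_ports, "me" and the interface name are assumptions taken from the addresses in the question, and the sample packets are constructed.

```python
from ipaddress import ip_address, ip_network

# Assumed values: the reply leaves $lan_local and $http_ports undefined.
LAN_LOCAL = ip_network("192.168.40.0/24")   # client subnet from the question
HTTP_PORTS = {80}                           # assumed content of $http_ports
# "me" = any address configured on the proxy box (assumed: 172.16.3.1 + loopback)
ME = {ip_address("172.16.3.1"), ip_address("127.0.0.1")}


def evaluate(src, dst, dport, iface="em0", proto="tcp"):
    """Walk rules 100, 200, 500 in order and return the first that matches.

    iface "em0" is a hypothetical external interface name.
    """
    src, dst = ip_address(src), ip_address(dst)
    from_lan = src in LAN_LOCAL
    # 100: fwd 127.0.0.1,3128 proto tcp src-ip $lan_local
    #      not src-ip me not dst-ip me dst-port $http_ports
    if (proto == "tcp" and from_lan and src not in ME
            and dst not in ME and dport in HTTP_PORTS):
        return "100 fwd 127.0.0.1,3128"
    # 200: allow via lo0
    if iface == "lo0":
        return "200 allow"
    # 500: deny dst-ip me dst-port 3128 not src-ip $lan_local
    if dst in ME and dport == 3128 and not from_lan:
        return "500 deny"
    return "no match"  # falls through to the rest of the ruleset


if __name__ == "__main__":
    samples = [  # constructed packets
        ("unmodified LAN HTTP", ("192.168.40.15", "203.0.113.10", 80)),
        ("after gateway DNAT", ("192.168.40.15", "172.16.3.1", 8080)),
        ("outsider to Squid port", ("198.51.100.7", "172.16.3.1", 3128)),
        ("LAN client to Squid port", ("192.168.40.15", "172.16.3.1", 3128)),
    ]
    for label, pkt in samples:
        print(f"{label:26} -> {evaluate(*pkt)}")
```

The "outsider to Squid port" case is the one rule 500 exists for: without it, the proxy port would accept connections from any source that can reach the box.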
