Date:      Wed, 05 Mar 2003 11:19:27 +0000
From:      "soheil soheil" <soheil_hh@hotmail.com>
To:        darcy@wavefire.com, freebsd-net@freebsd.org
Subject:   Re: Transparent Proxy
Message-ID:  <F88C0Yjzp4ITnESxfXy00005ead@hotmail.com>

I think if you add the following rule to the ipfw rules on 192.168.0.1 (the
squid-running host) you can have your proxy working.

skipto 510 tcp from 192.168.0.1 to any dst-port 80



>From: Darcy Buskermolen <darcy@wavefire.com>
>To: freebsd-net@freebsd.org
>Subject: Transparent Proxy
>Date: Tue, 25 Feb 2003 16:42:09 -0800
>
>
>(Promoted to -net due to lack of responses on -questions)
>
>
>I'm trying to deploy a transparent proxy server for a friend's office but
>have run into a couple of snags that I can't seem to find the correct answer
>for. Please see http://home2.dbitech.bc.ca:8080/netconfig.txt for graphical
>topology
>
>Note that I'm running IPFW2 on both BSD boxes.
>
>ipfw list output on 192.168.0.254:
>
>00001 skipto 50000 tcp from any 1023-65535 to me dst-port 22
>00040 skipto 50 tcp from 192.168.0.1 to any dst-port 80
>00048 fwd 192.168.0.1 tcp from 192.168.0.0/24 to any dst-port 80 out
>00999 divert 8669 ip from any to any via ed0
>65533 allow ip from any to any
>65535 deny ip from any to any
>
>ipfw list output on 192.168.0.1:
>
>00500 fwd 127.0.0.1,3128 ip from 192.168.0.0/16 to any dst-port 80 in
>65000 allow ip from any to any
>65535 deny ip from any to any
>
>When the windows box (192.168.0.32) makes a web request it gets forwarded
>to the squid machine fine, and squid returns an "access denied" error message,
>checking the cache.log on squid I see the reason is as follows:
>
>2003/02/20 04:19:47| WARNING: Forwarding loop detected for:
>GET / HTTP/1.0
>
>All the information I can find online regarding setting up transparent
>proxying for squid using ipfw shows squid running on the gateway host, or on a
>different network segment.  Can anybody point me in the correct direction to
>tell me what it is that I'm missing?
>
>--
>Darcy Buskermolen
>Wavefire Technologies Corp.
>ph: 250.717.0200
>fx:  250.763.1759
>http://www.wavefire.com
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-net" in the body of the message






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F88C0Yjzp4ITnESxfXy00005ead>
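
Added example, not part of either message in the thread: a minimal first-match walk over the gateway (192.168.0.254) ruleset quoted above, showing which rule handles a port-80 packet from a LAN client versus one from the squid host. It models only source address, dst-port and direction, assumes "via ed0" is true for rule 999, and treats divert as terminal; the packets are constructed.

```python
# Added illustration: first-match walk over the gateway (192.168.0.254) rules
# quoted in the thread. Models only source address, dst-port and direction.
import ipaddress

# (number, action, argument, source, dst_port, direction); None = wildcard.
# Rule 00001 (ssh to "me") is omitted: no port-80 packet can match it.
GATEWAY_RULES = [
    (40,    "skipto", 50,            "192.168.0.1",    80,   None),
    (48,    "fwd",    "192.168.0.1", "192.168.0.0/24", 80,   "out"),
    (999,   "divert", 8669,          "any",            None, None),  # "via ed0" assumed true
    (65533, "allow",  None,          "any",            None, None),
    (65535, "deny",   None,          "any",            None, None),
]

def src_matches(spec, src):
    if spec == "any":
        return True
    return ipaddress.ip_address(src) in ipaddress.ip_network(spec)

def walk(rules, src, dst_port, direction):
    """Return the (number, action, argument) trail up to the first terminal rule."""
    trail, start = [], 0
    for number, action, arg, spec, port, dirn in rules:
        if number < start:
            continue  # skipped over by an earlier skipto
        if not src_matches(spec, src):
            continue
        if port is not None and port != dst_port:
            continue
        if dirn is not None and dirn != direction:
            continue
        trail.append((number, action, arg))
        if action == "skipto":
            start = arg  # resume at the first rule numbered >= arg
            continue
        break  # fwd, divert, allow and deny end the walk in this model
    return trail

if __name__ == "__main__":
    # Constructed packets: the Windows client and the squid host, both to port 80.
    print("client:", walk(GATEWAY_RULES, "192.168.0.32", 80, "out"))
    print("squid: ", walk(GATEWAY_RULES, "192.168.0.1", 80, "out"))
```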