Date: Mon, 06 Oct 2003 17:19:53 +0800
From: "Gil Agno Virtucio" <gihl@nesic.com.ph>
To: synrat@wirewalk.org
Cc: questions@freebsd.org
Subject: RE: tranparent proxying, squid, nat, ipfw
Message-ID: <web-4813283@digitelone.com>

so far this was the simplest squid configuration that i've seen...

http://ezine.daemonnews.org/200209/squid.html

hope this helps...

-----------------------------------------------------
Gil Agno Virtucio
Janitor/Collector/Messenger
NEC System Integration and Construction Philippines Inc.
15th Floor BPI Buendia Center
Gil Puyat Ave. Makati City 1200
Cellphone : +639163989695
Office Phone: +6328914167
-----------------------------------------------------

-----Original Message-----
From: synrat [mailto:synrat@wirewalk.org]
Sent: Monday, October 06, 2003 11:40 AM
To: freebsd-questions@freebsd.org
Subject: tranparent proxying, squid, nat, ipfw

I'm having a hard time getting this working together.
I have squid 2.5 stable working and with all the required settings for
transparent proxying. The machine has the kernel with IPFW and forwarding
options. NAT is on, firewall type is simple with some modifications.
Internal interface address is 192.168.1.1. Squid runs fine when the
browser is set up to access it, but the goal is not to have to do that.

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

I have the forwarding rule as well:

fwd 127.0.0.1,3128 tcp from any to any 80

I tried 192.168.1.1,3128 in the rule. Tried putting it before both divert
rules.

Here's my ipfw list output:

00050 divert 8668 ip from any to any via rl0
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from 192.168.1.0/24 to any in recv rl0
00500 deny ip from 66.92.100.0/24 to any in recv rl1
00600 deny ip from any to 10.0.0.0/8 via rl0
00700 deny ip from any to 172.16.0.0/12 via rl0
00800 deny ip from any to 192.168.0.0/16 via rl0
00900 deny ip from any to 0.0.0.0/8 via rl0
01000 deny ip from any to 169.254.0.0/16 via rl0
01100 deny ip from any to 192.0.2.0/24 via rl0
01200 deny ip from any to 224.0.0.0/4 via rl0
01300 deny ip from any to 240.0.0.0/4 via rl0
01400 divert 8668 ip from any to any via rl0
01500 deny ip from 10.0.0.0/8 to any via rl0
01600 deny ip from 172.16.0.0/12 to any via rl0
01700 deny ip from 192.168.0.0/16 to any via rl0
01800 deny ip from 0.0.0.0/8 to any via rl0
01900 deny ip from 169.254.0.0/16 to any via rl0
02000 deny ip from 192.0.2.0/24 to any via rl0
02100 deny ip from 224.0.0.0/4 to any via rl0
02200 deny ip from 240.0.0.0/4 to any via rl0
02300 allow tcp from any to any established
02400 allow ip from any to any frag
02500 allow tcp from any to 66.92.100.221 25 setup
02600 allow tcp from 192.168.1.0/24 to 192.168.1.0/24
02700 allow tcp from 192.168.1.0/24 to 192.168.1.0/24
02800 allow udp from 192.168.1.0/24 to 192.168.1.0/24
02900 allow udp from 192.168.1.0/24 to 192.168.1.0/24
03000 allow tcp from any to 66.92.100.221 80 setup
03100 allow tcp from any to 66.92.100.221 8080 setup
03200 allow tcp from any to 66.92.100.221 8021 setup
03300 allow tcp from any to 66.92.100.221 21 setup
03400 allow tcp from any to 66.92.100.221 22 setup
03500 allow tcp from any to 66.92.100.221 110 setup
03600 allow tcp from any to 66.92.100.221 143 setup
03700 allow tcp from any to 66.92.100.221 993 setup
03800 allow tcp from any to 66.92.100.221 995 setup
03900 allow icmp from any to any
04000 deny log tcp from any to any in recv rl0 setup
04100 allow tcp from any to any setup
04200 fwd 127.0.0.1,3128 tcp from any to any 80
04300 allow udp from 66.92.100.221 to any keep-state
04400 allow udp from 192.168.1.3 to any keep-state
65535 deny ip from any to any
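
Added example, not part of either message: a simplified first-match trace in Python over an excerpt of the ipfw list output above, showing which rule ends processing for a new port-80 connection from an inside client and for its follow-up packet. It assumes rl1 is the inside interface (inferred from the anti-spoofing rules), uses constructed packets, and models only the rule options that appear in the excerpt.

```python
import ipaddress

# Excerpt of the `ipfw list` output quoted above (rule text unchanged); the
# omitted rules are assumed not to match the constructed packets below.
RULES = """\
00050 divert 8668 ip from any to any via rl0
00400 deny ip from 192.168.1.0/24 to any in recv rl0
02300 allow tcp from any to any established
04000 deny log tcp from any to any in recv rl0 setup
04100 allow tcp from any to any setup
04200 fwd 127.0.0.1,3128 tcp from any to any 80
65535 deny ip from any to any
"""

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def matches(line, pkt):
    """Simplified ipfw match: proto, addresses, dst port, via/recv, TCP state."""
    t = line.split()
    i = t.index("from")
    proto, src, dst, opts = t[i - 1], t[i + 1], t[i + 3], t[i + 4:]
    if proto not in ("ip", pkt["proto"]):
        return False
    if not (addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"])):
        return False
    if opts and opts[0].isdigit() and int(opts[0]) != pkt["dport"]:
        return False
    for kw in ("via", "recv"):  # single pass on the interface the packet is on
        if kw in opts and opts[opts.index(kw) + 1] != pkt["iface"]:
            return False
    f = pkt["flags"]
    if "setup" in opts and ("S" not in f or "A" in f):  # SYN without ACK
        return False
    if "established" in opts and not set(f) & {"A", "R"}:  # ACK or RST set
        return False
    return True

def first_match(pkt, rules=RULES):
    for line in rules.splitlines():
        t = line.split()
        action = " ".join(t[1:t.index("from") - 1])
        if matches(line, pkt) and not action.startswith("divert"):
            return t[0], action  # divert is skipped: natd re-injects after it

# Constructed packets: inside client to a documentation address, in on rl1 (assumed inside NIC).
SYN = dict(proto="tcp", src="192.168.1.3", dst="203.0.113.10", dport=80, iface="rl1", flags="S")
ACK = dict(SYN, flags="A")

print(first_match(SYN), first_match(ACK))  # ('04100', 'allow') ('02300', 'allow')
```

With the rules in the listed order, both packets are accepted by an earlier allow rule, so rule 04200 is not evaluated for them.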