Date:      Fri, 21 Feb 2003 06:25:22 +0100 (CET)
From:      520023893678-0001@t-online.de (P. U. Kruppa)
To:        Darcy Buskermolen <darcy@wavefire.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Transparent Proxy
Message-ID:  <20030221061425.G254@small.pukruppa.de>
In-Reply-To: <200302201559.16002.darcy@wavefire.com>
References:  <200302201559.16002.darcy@wavefire.com>

On Thu, 20 Feb 2003, Darcy Buskermolen wrote:

> I'm trying to deploy a transparent proxy server for a friend's office but have
> run into a couple of snags that I can't seem to find the correct answer for.
> Please see http://home2.dbitech.bc.ca:8080/netconfig.txt for graphical
> topology
>
> Note that I'm running IPFW2 on both BSD boxes.
>
> ipfw list output on 192.168.0.254:
>
> 00001 skipto 50000 tcp from any 1023-65535 to me dst-port 22
> 00040 skipto 50 tcp from 192.168.0.1 to any dst-port 80
> 00048 fwd 192.168.0.1 tcp from 192.168.0.0/24 to any dst-port 80 out
> 00999 divert 8669 ip from any to any via ed0
> 65533 allow ip from any to any
> 65535 deny ip from any to any
>
> ipfw list output on 192.168.0.1:
>
> 00500 fwd 127.0.0.1,3128 ip from 192.168.0.0/16 to any dst-port 80 in
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I am no squid expert, but this was the line which caused
the trouble. I told ipfw to read the traffic directly from the NIC (a
realtek on rl1):

# ipfw add 500 fwd 127.0.0.1,3128 tcp from any to any 80 recv rl1


Perhaps this works for you, too?

Uli.

> 65000 allow ip from any to any
> 65535 deny ip from any to any
>
> When the Windows box (192.168.0.32) makes a web request it gets forwarded to
> the squid machine fine, and squid returns an "access denied" error message;
> checking the cache.log on squid I see the reason is as follows:
>
> 2003/02/20 04:19:47| WARNING: Forwarding loop detected for:
> GET / HTTP/1.0
>
> Can anybody point me in the correct direction to tell me what it is that I'm
> missing?
>
> P.S.
>    Please CC me on responses, as I'm not subscribed to questions.
>
>
>
> --
> Darcy Buskermolen
> Wavefire Technologies Corp.
> ph: 250.717.0200
> fx:  250.763.1759
> http://www.wavefire.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
>

+-----------------------------------+
|        Peter Ulrich Kruppa        |
|          -  Wuppertal -           |
|              Germany              |
+-----------------------------------+
