From owner-freebsd-questions Thu Feb 14 15:43:11 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mail.27in.tv (roc-66-24-112-7.rochester.rr.com [66.24.112.7]) by hub.freebsd.org (Postfix) with ESMTP id 291B937B402; Thu, 14 Feb 2002 15:43:05 -0800 (PST) Received: (from root@localhost) by mail.27in.tv (8.11.6/8.11.6) id g1ENh3812483; Thu, 14 Feb 2002 18:43:03 -0500 (EST) (envelope-from cjm2@earthling.net) Received: from 27in.tv (roc-66-24-112-7.rochester.rr.com [66.24.112.7]) by mail.27in.tv (8.11.6/8.11.6av) with SMTP id g1ENh1K12474; Thu, 14 Feb 2002 18:43:01 -0500 (EST) (envelope-from cjm2@earthling.net) Received: from 10.0.0.254 (SquirrelMail authenticated user cjm2) by mail.lan.27in.tv with HTTP; Thu, 14 Feb 2002 18:43:02 -0500 (EST) Message-ID: <1096.10.0.0.254.1013730182.squirrel@mail.lan.27in.tv> Date: Thu, 14 Feb 2002 18:43:02 -0500 (EST) Subject: Re: Transparant proxy From: "C J Michaels" To: In-Reply-To: <20020214162842.GA19623@leviathan.inethouston.net> References: <20020214162842.GA19623@leviathan.inethouston.net> X-Priority: 3 Importance: Normal X-MSMail-Priority: Normal Cc: , X-Mailer: SquirrelMail (version 1.2.3 [cvs]) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG [This belongs on -questions not -stable] Some time in the recent past David W. Chapman Jr. scribbled: > On Thu, Feb 14, 2002 at 09:21:53PM +0700, budsz wrote: >> Hi, >> >> I was try to enable transparant proxy in my FreeBSD box so I have >> doing like: >> ${fwcmd} add 3001 allow tcp from 192.168.0.88 to any >> ${fwcmd} add 3002 fwd 127.0.0.1,7080 tcp from any to any 80 >> ${fwcmd} add 3003 fwd 192.168.0.88/32,7080 tcp from any to any 80 >> >> in /etc/rc.firewall, but I think this is useful because my client >> without proxy they can browsing. how to do transparant proxy in >> FreeBSD >> >> > IF you would be interested in trying ipnat, transparent proxying > works great. Transparent proxying works great with ipfw too. We need more information than is currently being provided in this posting to properly troubleshoot. 1. What's happening? 2. Are you running squid? or what particular proxy software are you using? 3. Does the proxy work when the browser is configured to directly using the proxy (not transparent) and the above firewall rules are not implemented. 4. What firewall type is configured in /etc/rc.conf, and where in said file are the above listed ipfw rules? I think your forward rules are too broad. You are forwarding any traffic destined for port 80 to the transparent proxy, no matter what. Assuming your network is 192.168.0.0/24 try this rule... add 3002 fwd 192.168.0.88,7080 tcp from 192.168.0.0/24 to any 80 > > > -- > David W. Chapman Jr. > dwcjr@inethouston.net Raintree Network Services, Inc. > dwcjr@freebsd.org FreeBSD Committer > -- Chris "I'll defend to the death your right to say that, but I never said I'd listen to it!" -- Tom Galloway with apologies to Voltaire http://gamershq.madonion.com/compare2k1.shtml?2648972 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message