Date: Fri, 28 Jun 2002 08:23:39 -0400 (EDT)
From: Jaime <jaime@snowmoon.com>
To: freebsd-questions@freebsd.org
Subject: transparent proxying
Message-ID: <20020628082314.M9991-100000@malkav.snowmoon.com>

I know how to make a transparent proxy with squid and ipfw. I've done it before. But now that I have to use dansguardian (damn CIPA rules), I'm having some trouble.

My network looks something like:

    (ISP) -- (Router) -- (Firewall) -- (Core switch)

The firewall looks something like:

    [ipfw] <--> [transproxy] <--> [dansguardian] <--> [squid] <--> [Web]

I'm trying to get transproxy out of the mix, because it's making all traffic to dansguardian into 127.0.0.1. This prevents me from tracking anything down or exempting certain IPs from the filters. My current attempts are more like this:

    [ipfw divert] <-> [natd] <-> [dansguardian] <-> [squid] <-> [Web]

I'm not sure how to configure natd, though. The firewall's inside interface is fxp1 and the outside is fxp0. I've tried each of the following ways to start natd, but none have seemed to work. Sometimes it ends up blocking all traffic and other times it lets all traffic through but it doesn't filter it.

    /sbin/natd -proxy_only -proxy_rule port 80 server 127.0.0.1:8080 -interface fxp0
    /sbin/natd -proxy_only -proxy_rule encode_ip_hdr port 80 server 127.0.0.1:8080 -interface fxp0
    /sbin/natd -proxy_only -proxy_rule encode_tcp_stream port 80 server 127.0.0.1:8080 -interface fxp0
    /sbin/natd -reverse -proxy_only -proxy_rule port 80 server 127.0.0.1:8080 -interface fxp0
    /sbin/natd -reverse -proxy_only -proxy_rule encode_ip_hdr port 80 server 127.0.0.1:8080 -interface fxp0
    /sbin/natd -reverse -proxy_only -proxy_rule encode_tcp_stream port 80 server 127.0.0.1:8080 -interface fxp0
    /sbin/natd -reverse -proxy_only -proxy_rule port 80 server 127.0.0.1:8080 -interface fxp1
    /sbin/natd -reverse -proxy_only -proxy_rule encode_ip_hdr port 80 server 127.0.0.1:8080 -interface fxp1
    /sbin/natd -reverse -proxy_only -proxy_rule encode_tcp_stream port 80 server 127.0.0.1:8080 -interface fxp1
    /sbin/natd -proxy_only -proxy_rule port 80 server 127.0.0.1:8080 -interface fxp1
    /sbin/natd -proxy_only -proxy_rule encode_ip_hdr port 80 server 127.0.0.1:8080 -interface fxp1
    /sbin/natd -proxy_only -proxy_rule encode_tcp_stream port 80 server 127.0.0.1:8080 -interface fxp1

These were all with ipfw rules like this:

    /sbin/ipfw add 00050 divert natd tcp from 10.0.0.0/8 to not 10.0.0.0/8 80

Can anyone offer any insights? It doesn't even have to be a solution. I just feel like I'm missing a detail somewhere. Though I wouldn't turn down a solution! :)

Thanks in advance,
Jaime