Date: Tue, 17 Jun 2003 14:37:09 +1000 From: Andrew Thomson <ajthomson@optushome.com.au> To: freebsd-questions@freebsd.org Subject: Re: more transparent proxy and squid questions. Message-ID: <20030617043709.GA59217@athomson.prv.au.itouchnet.net> In-Reply-To: <20030616065212.GB600@athomson.prv.au.itouchnet.net> References: <20030613070438.GO15745@athomson.prv.au.itouchnet.net> <3EE9D5DD.1090209@potentialtech.com> <20030615234105.GD60583@athomson.prv.au.itouchnet.net> <20030616072526.1a25943a.bsdwave@go.ro> <20030616065212.GB600@athomson.prv.au.itouchnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
further, if i do try and configure with the --enable-ipfw-transparent
option, configure complains with the following:
checking if setresuid is implemented... yes
checking if IP-Filter header files are installed... no
WARNING: Cannot find necessary IP-Filter header files
Transparent Proxy support WILL NOT be enabled
I appreciate it's talking about ipfilter however I use ipfw which is
compiled into the kernel.
I want transparent proxy but with ipfw..
what's the status?
ajt.
On Mon, Jun 16, 2003 at 04:52:12PM +1000, Andrew Thomson wrote:
> i'm still having issues here..
>
> has anyone else got transparent proxy going with firewall and squid on
> different boxes??
>
> anyway, from the squid faq, does this apply to freebsd these days??
>
> ..."Compile and run a version of Squid which accepts connections for other
> addresses. For some operating systems, you need to have configured and
> built a version of Squid which can recognize the hijacked connections
> and discern the destination addresses. For Linux this seems to work
> automatically. For *BSD-based systems, you probably have to configure
> squid with the --enable-ipf-transparent option. (Do a make clean if you
> previously configured without that option, or the correct settings may
> not be present.)"...
>
> i'm trying to use ipfw for my fwd'ing from the firewall to the proxy
> server.
>
> thanks,
>
> ajt.
>
> On Mon, Jun 16, 2003 at 07:25:26AM +0300, Rapier wrote:
> > From what you've said you have natd enabled,instead of redirecting with ipfw you shoud redirect with natd!man natd
> >
> >
> > On Mon, 16 Jun 2003 09:41:05 +1000
> > Andrew Thomson <ajthomson@optushome.com.au> wrote:
> >
> > > On Fri, Jun 13, 2003 at 09:47:09AM -0400, Bill Moran wrote:
> > > >
> > > > Yes. You've got the right idea.
> > > >
> > >
> > > hmm.. i have encountered some difficulties ;) so now i'm seeking some
> > > more advice..
> > >
> > > i have the following rules on my firewall:
> > >
> > > 10561 skipto 11000 ip from 192.168.1.2 to any
> > > 10562 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80
> > >
> > > keeping in line with my example, 1=fwall, 2=squid, 3=user
> > >
> > > the skipto is in there so we go through nat and get a proper ip.
> > >
> > > i never see any packets get to the squid box though..
> > >
> > > ipfw show indicates matching packets
> > > ipfw show 10561 10562
> > > 10561 5342 331306 skipto 11000 ip from 192.168.1.2 to any
> > > 10562 2520 120960 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80
> > >
> > > a tcpdump on the squid box looking out for port 3128 shows nothing, although
> > > the ipfw shows matches..
> > >
> > > i'll keep digging around but any more tips would be appreciated on this
> > > setup.
> > >
> > > thanks,
> > >
> > > andrew.
> > >
> > >
> > >
> > > _______________________________________________
> > > freebsd-questions@freebsd.org mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> >
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030617043709.GA59217>