From owner-freebsd-questions Fri Aug 6 10:58:59 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from t47.tempest.sk (t47.tempest.sk [195.28.100.47])
    by hub.freebsd.org (Postfix) with ESMTP id E2CA014D1F
    for ; Fri, 6 Aug 1999 10:58:49 -0700 (PDT)
    (envelope-from ludo_koren@tempest.sk)
Received: (from koren@localhost)
    by t47.tempest.sk (8.9.3/8.9.3) id TAA72012;
    Fri, 6 Aug 1999 19:58:52 +0200 (CEST)
    (envelope-from koren)
Date: Fri, 6 Aug 1999 19:58:52 +0200 (CEST)
Message-Id: <199908061758.TAA72012@t47.tempest.sk>
From: Ludo Koren
To: freebsd-questions@freebsd.org
Subject: Bridge + IPFW
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi.

Several days ago I posted a similar question to freebsd-ipfw but I got
just one response, which didn't answer my questions.....

I am trying to forward all traffic going to port 80 to Squid (transparent
caching and proxying). The problem is I cannot force Squid to cache
pages (everything is going just through without caching).

Here is my net topology:

    Client   |             |ep0   |           |
    Netscape |----cross----|Bridge|-----------|Internet
             |             |   xl0|           |

I am using 3.2-STABLE. The relevant part of the kernel config:

    options BRIDGE
    options IPFIREWALL                   #firewall
    options IPFIREWALL_VERBOSE           #print information about
                                         # dropped packets
    options IPFIREWALL_FORWARD           #enable transparent proxy support
    options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
    options DUMMYNET

ipfw configuration:

    ipfw add 300 allow log tcp from 195.28.100.104 to any via xl0
    ipfw add 500 fwd 127.0.0.1,3128 log tcp from any to any 80
    ipfw add 60000 allow log tcp from any to any

xl0 has address 195.28.100.104.
Client has address 195.28.100.106

The squid.conf is:

    http_port 3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

(I followed the FAQ).

Am I correct in assuming the above mentioned configuration should
forward all packets destined to port 80 to the Squid?
Is it doable using the bridge kernel option and ipfw forwarding or am I
missing something?

Here is the log from the kernel:

    Aug 6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
    Aug 6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0

I hope I get a response this time....

Thanks,

ludo
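
The following Python sketch is an added example, not part of the original message. It parses the ipfw log lines quoted above (embedded as a constructed sample), counts packets per rule, action and interface, and reports flows that matched the fwd rule while replies from the original destination were still received on the other interface. The function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: the nine lines of the kernel log quoted in the message above.
FWD = ("Aug 6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 "
       "TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0")
ACC = ("Aug 6 19:34:51 lk104 /kernel: ipfw: 60000 Accept "
       "TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0")
SAMPLE_LOG = "\n".join([FWD, ACC, ACC, FWD, FWD, FWD, ACC, FWD, ACC])

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Forward to (?P<target>\S+)|\w+) "
    r"(?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\S+)")

def parse(log_text):
    """Return one dict per ipfw log line; non-matching lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ev = m.groupdict()
            if ev["target"]:
                ev["action"] = "Forward"   # normalise "Forward to host:port"
            events.append(ev)
    return events

def summarize(events):
    """Count packets per (rule number, action, direction, interface)."""
    return Counter((int(e["rule"]), e["action"], e["dir"], e["iface"]) for e in events)

def replies_past_fwd(events):
    """Flows that matched a fwd rule but whose replies were still received
    ('in') on a different interface from the original destination."""
    fwd = {(e["src"], e["dst"]): e["iface"] for e in events if e["action"] == "Forward"}
    hits = Counter()
    for e in events:
        flow = (e["dst"], e["src"])        # reverse direction of the forwarded flow
        if (e["action"] != "Forward" and e["dir"] == "in"
                and flow in fwd and e["iface"] != fwd[flow]):
            hits[flow] += 1
    return hits

if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for key, n in sorted(summarize(evs).items()):
        print(n, *key)
    for (client, server), n in replies_past_fwd(evs).items():
        print(f"{client} -> {server}: {n} replies received on another interface")
```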