Date:      Fri, 6 Aug 1999 19:58:52 +0200 (CEST)
From:      Ludo Koren <ludo_koren@tempest.sk>
To:        freebsd-questions@freebsd.org
Subject:   Bridge + IPFW
Message-ID:  <199908061758.TAA72012@t47.tempest.sk>

Hi.

Several days ago I posted a similar question to freebsd-ipfw, but I
got just one response, which didn't answer my questions...

I am trying to forward all traffic going to port 80 to Squid (transparent
caching and proxying). The problem is I cannot force Squid to cache
pages (everything is going just through without caching).

Here is my net topology:

Client   |             |ep0   |           |
Netscape |----cross----|Bridge|-----------|Internet
         |             |   xl0|           |


I am using 3.2-STABLE. The relevant part of the kernel config:

options BRIDGE
options IPFIREWALL              #firewall
options IPFIREWALL_VERBOSE      #print information about
                                # dropped packets
options IPFIREWALL_FORWARD      #enable transparent proxy support
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options DUMMYNET


ipfw configuration:

ipfw add 300 allow log tcp from 195.28.100.104 to any via xl0
ipfw add 500 fwd 127.0.0.1,3128 log tcp from any to any 80 
ipfw add 60000 allow log tcp from any to any


xl0 has address 195.28.100.104. Client has address 195.28.100.106

The squid.conf is:
        http_port 3128
        httpd_accel_host virtual
        httpd_accel_port 80
        httpd_accel_with_proxy on
        httpd_accel_uses_host_header on
(I followed the FAQ).

Am I correct in assuming the above-mentioned configuration should
forward all packets destined to port 80 to Squid? Is it doable
using the bridge kernel option and ipfw forwarding, or am I missing
something?

Here is the log from the kernel:

Aug  6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
Aug  6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
Aug  6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
Aug  6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
Aug  6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
Aug  6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
Aug  6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
Aug  6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
Aug  6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0

I hope I get a response this time....

Thanks,
ludo
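
An added example, not part of the original message: a small Python parser for the ipfw log format shown above. It tallies packets per rule and interface and lists forwarded flows whose replies were received ("in via") on a different interface. The function names are illustrative, and the sample lines are copied from the kernel log in the message.

```python
import re
from collections import Counter

# Log lines copied from the kernel log in the message above.
SAMPLE_LOG = """\
Aug  6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
Aug  6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
Aug  6 19:34:51 lk104 /kernel: ipfw: 60000 Accept TCP 195.28.100.6:80 195.28.100.106:1065 in via xl0
Aug  6 19:34:51 lk104 /kernel: ipfw: 500 Forward to 127.0.0.1:3128 TCP 195.28.100.106:1065 195.28.100.6:80 in via ep0
"""

LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>Forward to (?P<fwd>\S+)|\w+) "
    r"(?P<proto>\w+) (?P<src>\S+) (?P<dst>\S+) (?P<dir>in|out) via (?P<iface>\w+)"
)

def parse_line(line):
    """Return the fields of one ipfw log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["action"] = "Forward" if rec["fwd"] else rec["action"]
    return rec

def tally(log_text):
    """Count packets per (rule, action, direction, interface, src, dst)."""
    counts = Counter()
    for r in filter(None, map(parse_line, log_text.splitlines())):
        counts[(r["rule"], r["action"], r["dir"], r["iface"], r["src"], r["dst"])] += 1
    return counts

def replies_from_wire(log_text):
    """Forwarded flows whose reply was received on another interface.

    A reply logged "in via <iface>" arrived from the network on that interface,
    so it was not generated by a process on the logging host.
    """
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    forwarded = {(r["src"], r["dst"]): r for r in recs if r["action"] == "Forward"}
    hits = set()
    for r in recs:
        req = forwarded.get((r["dst"], r["src"]))  # reverse direction of a forwarded flow
        if req and r["dir"] == "in" and r["iface"] != req["iface"]:
            hits.add((req["src"], req["dst"], req["fwd"], r["iface"]))
    return sorted(hits)

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE_LOG).items()):
        print(n, *key)
    print(replies_from_wire(SAMPLE_LOG))
```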

