From owner-freebsd-questions Wed Jul 4 14:50:18 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id ECA2C37B403 for ; Wed, 4 Jul 2001 14:50:13 -0700 (PDT) (envelope-from j_trzaska@gmx.net) Received: (qmail 13756 invoked by uid 0); 4 Jul 2001 21:50:12 -0000 Received: from pd4b9f213.dip.t-dialin.net (HELO gmx.net) (212.185.242.19) by mail.gmx.net (mp004-rz3) with SMTP; 4 Jul 2001 21:50:12 -0000 Message-ID: <3B438F44.2EDCCFA5@gmx.net> Date: Wed, 04 Jul 2001 23:48:52 +0200 From: Jens Trzaska X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Manolo Valdes Cc: freebsd-questions@freebsd.org Subject: Re: transparent proxy problem References: <01070408472700.01695@proxy.atenas.cult.cu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello! Manolo Valdes wrote: > > Hi > I'm trying to run squid as a transparent proxy but nothing works fine. > > there is the squid.conf file: > _____________________________________________ > #Squid Transparent proxy settings > httpd_accel_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on > > #Defaults: > > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl SSL_ports port 443 563 > acl Safe_ports port 80 21 443 563 70 210 1025-65535 > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # My acls > acl This_One src 169.158.120.179/255.255.255.255 > acl LAN src 192.168.1.1/255.255.255.0 > #Default configuration: > > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > > http_access allow This_One > http_access allow LAN > http_access deny all > ____________________________________________________ > > and there is the ipfw rules > > 00050 fwd 169.158.120.179,3128 tcp from 192.168.1.0/24 80 to any shouldn't that be: 00050 fwd 169.158.120.179,3128 tcp from 192.168.1.0/24 to any 80 80 is the destination port... > 00100 allow ip from any to any via lo0 > 00200 deny ip from any to 127.0.0.0/8 > 65000 allow ip from any to any > 65535 deny ip from any to any > > My kernel have been compiled whith > ________________________________________________ > options IPFIREWALL > options IPFIREWALL_VERBOSE > options IPFIREWALL_FORWARD > options IPDIVERT > _________________________________________________ > > so i think everything is ok, but nothing works. > i was wondering if the squid that cames with FreeBSD-4.2 distributions is > compiled for transparent proxy? if that doesn't work ask me again. I have that constellation working over here. Works really fine. Regards Jens Trzaska To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message