From owner-freebsd-isp Wed Dec 22 17:40:22 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.fil.net (mail.fil.net [202.57.102.7])
	by hub.freebsd.org (Postfix) with ESMTP id 31781156CB
	for ; Wed, 22 Dec 1999 17:40:19 -0800 (PST)
	(envelope-from aLan@fil.net)
Received: from fil.net ([202.57.102.6]) by mail.fil.net
	(Netscape Messaging Server 3.62) with ESMTP id 182;
	Thu, 23 Dec 1999 09:39:57 +0800
Message-ID: <38617D6A.DABBE1E7@fil.net>
Date: Thu, 23 Dec 1999 09:39:54 +0800
From: "aLan Tait"
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Thomas Wahyudi
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Transproxy to Squid Box!
References: <013a01bf4c63$41179100$6567640a@siomay.unpar.ac.id>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thomas Wahyudi wrote:

> >Here is the layout...
> >
> >Firewall:
> >Outside: ed1 1.1.27.127 /28
> >Inside: xl0 2.2.102.1 /23
> >
> >Proxy/Squid: xl0 2.2.102.2 /23
> >
> >Basically, I want to redirect anything that goes to
> >2.2.102.1 port 80 (for any address 0.0.0.0/0) > 2.2.102.2
> >port 3128
> >
> >Any suggestions, directions, or sample config files of
> >working systems would be most helpful! If there is a set-up
> >or FAQ about Transproxy - I haven't found it yet (actually
> >thinking about writing my own!) Any help at all!
>
> #here's what we using in our campus
>
>  Internet    Internet
>     |           |
>  proxy A     proxy B
>     |___________|
>           |
>         NATD -------> internet
>           |
>         local
>
> Proxy A & B just an ordinary proxy server with 2 different IP (multihomed)
> all server using FreeBSD box
> NATD using squid in port 3128 that connect to 2 proxy using proxy-only
> option
> and rule in firewall is
>
> 500 fwd [Natd ip],3128 tcp from any to any 80
>
> and in NATD squid.conf
> cache_peer proxy_A 3128 3130 proxy-only
> cache_peer proxy_B 3128 3130 proxy-only
>
> hope that's help

In your layout above... the NATD box shows three lines coming out of
it. Is this three different interfaces?

Also, does each proxy (A & B) have its own Internet access (without
passing back through the NATD box)?

Does anyone have a working example for IPNAT and IPFILTER? Or must I
change over my firewall to IPFW and NATD like this example?

aLan

--
*** I switched to FreeBSD from When?Doze because...
*** I never knew When?
*** It was going to Doze!
----------------------------------
Filipino Network Solution - Fil.Net
----------------------------------