From owner-freebsd-questions@FreeBSD.ORG Fri Jun 13 04:25:57 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E18F637B401 for ; Fri, 13 Jun 2003 04:25:56 -0700 (PDT) Received: from mail.crc.co.za (mail.crc.co.za [196.36.165.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A85A43FAF for ; Fri, 13 Jun 2003 04:25:54 -0700 (PDT) (envelope-from doron@home.crc.co.za) Received: (from root@localhost) by mail.crc.co.za (8.12.9/8.12.9) id h5DBPrCK030980; Fri, 13 Jun 2003 13:25:53 +0200 (SAST) (envelope-from doron@home.crc.co.za) Received: from home.crc.co.za (home.crc.co.za [196.36.165.34]) by mail.crc.co.za (8.12.9/8.12.8) with ESMTP id h5DBPnTw030956; Fri, 13 Jun 2003 13:25:50 +0200 (SAST) (envelope-from doron@home.crc.co.za) Received: (from root@localhost) by home.crc.co.za (8.12.9/8.12.9) id h5DBPiDb048921; Fri, 13 Jun 2003 13:25:44 +0200 (SAST) (envelope-from doron@home.crc.co.za) Received: from dman ([192.168.1.8]) by home.crc.co.za (8.12.9/8.12.9) with ESMTP id h5DBPakB048896; Fri, 13 Jun 2003 13:25:37 +0200 (SAST) (envelope-from doron@home.crc.co.za) From: "Doron Shmaryahu" To: "'Andrew Thomson'" , Date: Fri, 13 Jun 2003 13:25:35 +0200 Message-ID: <000201c3319e$843f4a80$0801a8c0@dman> MIME-Version: 1.0 X-scanner: scanned by Inflex 1.0.10 - (http://pldaniels.com/inflex/) Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal In-Reply-To: <20030613071346.GR15745@athomson.prv.au.itouchnet.net> X-scanner: scanned by Inflex 1.0.12.3 - (http://pldaniels.com/inflex/) Subject: RE: more transparent proxy and squid questions. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jun 2003 11:25:57 -0000 Hi, You will want to make sure that you have this rule before the divert = rule allow tcp from (live ip address) to any otherwise squid will go into a forwarding loop. You do not need ip-transparent if you are using IPFW to do the divert. Oh yes the = headers are from the live ip of the squid box. I know there is a way to pass the clients ip to the remote site. Check on the squid web page regarding = that. Kind Regards Doron Shmaryahu -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Andrew Thomson Sent: 13 June 2003 09:14 AM To: freebsd-questions@freebsd.org Subject: Re: more transparent proxy and squid questions. oh, and does squid need to be compiled with CONFIGURE_ARGS+=3D --enable-ipf-transparent given the firewall does the divert to the squid box ?? ta, ajt. On Fri, Jun 13, 2003 at 05:04:38PM +1000, Andrew Thomson wrote: > I'm not looking for help at setting this up as such, but rather a = better > understanding of what's happening to the packets in this situation. >=20 > I have a freebsd firewall/gateway box. >=20 > I then fwd the port 80 requests to the squid box on port 3128 >=20 > squid then i imagine process the request.. does squid then make the = same > http request with it's ip as the source? >=20 > perhaps an illustration might be helpful. >=20 > wall/gwy =3D 192.168.1.1 > squid =3D 192.168.1.2 > user =3D 192.168.1.3 >=20 > user makes an http request. >=20 > ipfw rule on wall diverts to squid: >=20 > ipfw add 50 fwd 192.168.1.2,3128 tcp from any to any 80 >=20 > does squid then make the request with it's ip? >=20 > thus we'd need something like, >=20 > ipfw add 45 allow tcp from 192.168.1.2 to any 80 >=20 > squid updates the cache/passes the data back to the user?? >=20 > thanks, >=20 > ajt. >=20 >=20 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >=20 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"