Date: Fri, 13 Jun 2003 13:25:35 +0200
From: "Doron Shmaryahu" <doron@home.crc.co.za>
To: "'Andrew Thomson'" <ajthomson@optushome.com.au>, <freebsd-questions@freebsd.org>
Subject: RE: more transparent proxy and squid questions.
Message-ID: <000201c3319e$843f4a80$0801a8c0@dman>
In-Reply-To: <20030613071346.GR15745@athomson.prv.au.itouchnet.net>

Hi,

You will want to make sure that you have this rule before the divert rule

allow tcp from (live ip address) to any

otherwise squid will go into a forwarding loop.

You do not need ip-transparent if you are using IPFW to do the divert.

Oh yes the headers are from the live ip of the squid box. I know there is a way to pass the client's ip to the remote site. Check on the squid web page regarding that.

Kind Regards
Doron Shmaryahu

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Andrew Thomson
Sent: 13 June 2003 09:14 AM
To: freebsd-questions@freebsd.org
Subject: Re: more transparent proxy and squid questions.

oh, and does squid need to be compiled with

CONFIGURE_ARGS+= --enable-ipf-transparent

given the firewall does the divert to the squid box ??

ta,

ajt.

On Fri, Jun 13, 2003 at 05:04:38PM +1000, Andrew Thomson wrote:
> I'm not looking for help at setting this up as such, but rather a better
> understanding of what's happening to the packets in this situation.
>
> I have a freebsd firewall/gateway box.
>
> I then fwd the port 80 requests to the squid box on port 3128
>
> squid then i imagine processes the request.. does squid then make the same
> http request with its ip as the source?
>
> perhaps an illustration might be helpful.
>
> wall/gwy = 192.168.1.1
> squid = 192.168.1.2
> user = 192.168.1.3
>
> user makes an http request.
>
> ipfw rule on wall diverts to squid:
>
> ipfw add 50 fwd 192.168.1.2,3128 tcp from any to any 80
>
> does squid then make the request with its ip?
>
> thus we'd need something like,
>
> ipfw add 45 allow tcp from 192.168.1.2 to any 80
>
> squid updates the cache/passes the data back to the user??
>
> thanks,
>
> ajt.
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
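
Added illustration, not part of the original messages: a small Python model of ipfw's first-match evaluation, using the addresses and the two rules from the quoted question, to show why the allow rule for the squid box must be numbered before the fwd rule. The rule tuples and the function names first_match and trace are assumptions made for this sketch, which models only source address, destination port and action.

```python
"""Toy model of ipfw first-match rule evaluation for the rules in this thread."""

SQUID = "192.168.1.2"  # addresses taken from the quoted question
USER = "192.168.1.3"

# Hypothetical rule tuples: (number, action, source, dest port, fwd target)
FWD_ONLY = [(50, "fwd", "any", 80, (SQUID, 3128))]
ALLOW_FIRST = [(45, "allow", SQUID, 80, None)] + FWD_ONLY
ALLOW_LATE = [(60, "allow", SQUID, 80, None)] + FWD_ONLY  # numbered after the fwd


def first_match(rules, src, dport):
    """Return (action, target) of the lowest-numbered rule matching the packet."""
    for _num, action, rule_src, rule_port, target in sorted(rules, key=lambda r: r[0]):
        if rule_src in ("any", src) and rule_port == dport:
            return action, target
    return "deny", None  # ipfw's final default rule denies unless built otherwise


def trace(rules, client, max_hops=5):
    """Follow one HTTP request through the gateway and report how it ends."""
    src, hops = client, []
    for _ in range(max_hops):
        action, target = first_match(rules, src, 80)
        hops.append((src, action))
        if action != "fwd":
            return ("reaches origin" if action == "allow" else "dropped"), hops
        # fwd hands the connection to squid, which then fetches the page itself,
        # so the next port-80 packet at the gateway has squid's source address.
        src = target[0]
    return "forwarding loop", hops


if __name__ == "__main__":
    for name, rules in [("fwd only", FWD_ONLY), ("allow at 45", ALLOW_FIRST),
                        ("allow at 60", ALLOW_LATE)]:
        outcome, hops = trace(rules, USER)
        print(f"{name:12} -> {outcome}: {hops}")
```

Only the rule set with the allow numbered below the fwd lets squid's own fetch leave the gateway; an allow numbered after the fwd is never reached for port-80 traffic.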