Date: Mon, 17 Jul 2006 07:48:20 -0500
From: "curard bandage" <cbandage@msn.com>
To: freebsd-questions@freebsd.org
Subject: Need help with getting transparent proxy working across WAN
Message-ID: <BAY105-F28519848781D751830F939CC620@phx.gbl>

I have a FreeBSD transparent proxy working on the local LAN, where the workstation's NIC has its gateway set to the proxy server's internal IP address. Everything works fine.

The problem is when I move my workstation from the local LAN where the proxy server resides onto the 10.4.0.0 network, which is across a WAN link: transparent proxy stops working. It appears no web traffic is getting to the proxy, and I'm not able to get to any web site. I am able to ping the proxy server, and use the proxy if I utilize a PAC file and drop the IPFW rules.

I should also note that I have transparent proxy running under Debian using iptables, across the WAN link, but want to move to FreeBSD. So I feel my routers are set up correctly. I suspect the problem is with my IPFW rules or NAT configuration, but I'm not sure.

FreeBSD 6.1

Kernel was recompiled with:

    options IPFIREWALL
    options IPFIREWALL_FORWARD
    options IPFIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT

RC.CONF contains:

    gateway_enable="YES"
    ifconfig_xl0="inet x.x.x.x. netmask 255.255.255.0"
    ifconfig_xl1="inet x.x.x.x netmask 255.255.255.0"
    firewall_enable="YES"
    firewall_type="OPEN"
    natd_enable="YES"
    natd_interface="xl1"
    natd_flags=""

CISCO router has the following configured:

    access-list 199 permit tcp 10.4.0.0 0.0.255.255 any eq www
    access-list 199 deny ip any any
    route-map redirect-proxy permit 10
     match ip address 199
     set ip next-hop <proxy server internal ip>

My IPFW rules:

    ipfw -q flush
    ipfw add divert natd all from not me to any via <outside interface>
    ipfw add fwd 127.0.0.1:8000 tcp from any to any 80

Squid compiled with:

    SQUID_CONFIGURE_ARGS+=--enable-pf-transparent"

SQUID.CONF:

    httpd_accel_host virtual
    httpd_accel_port 0
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    header_access Via deny all
    header_access X-Forwarded-For deny all

Thank you for taking the time to look. Any advice or troubleshooting tips are welcome.
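
An added example, not part of the original message: a small Python model of the posted Cisco policy-routing configuration (ACL 199 plus route-map redirect-proxy), showing which packets are handed to the proxy as next hop and which follow the normal routing table. The function names and sample packets are constructed for illustration; the next-hop value is the placeholder from the post.

```python
import ipaddress

# ACL 199 as posted: (action, protocol, source, wildcard, destination port)
ACL_199 = [
    ("permit", "tcp", "10.4.0.0", "0.0.255.255", 80),     # "... any eq www"
    ("deny", "ip", "0.0.0.0", "255.255.255.255", None),   # "deny ip any any"
]
PROXY_NEXT_HOP = "<proxy server internal ip>"  # placeholder kept from the post


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_action(proto, src, dport):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, acl_proto, base, wildcard, port in ACL_199:
        if acl_proto != "ip" and acl_proto != proto:
            continue  # "ip" matches every protocol, "tcp" only TCP
        if not wildcard_match(src, base, wildcard):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"


def route_map_next_hop(proto, src, dport):
    """route-map redirect-proxy permit 10: policy-route only what ACL 199 permits.

    "set ip next-hop" changes the forwarding decision only; the packet keeps
    its original destination address and port.
    """
    if acl_action(proto, src, dport) == "permit":
        return PROXY_NEXT_HOP
    return None  # not policy-routed; the normal routing table applies


if __name__ == "__main__":
    # Constructed sample packets: (protocol, source address, destination port)
    samples = [("tcp", "10.4.7.20", 80), ("tcp", "10.4.7.20", 443),
               ("udp", "10.4.7.20", 53), ("tcp", "10.5.0.9", 80)]
    for pkt in samples:
        print(pkt, "->", route_map_next_hop(*pkt) or "normal routing")
```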