Date: 05 Oct 2001 20:10:08 +0900
From: CHOI Junho <cjh@kr.freebsd.org>
To: freebsd-net@freebsd.org
Cc: cjh@kr.freebsd.org, khk@wdb.co.kr
Subject: bridge + transparent proxy with 4-stable
Message-ID: <86u1xe4a27.fsf@gradius.wdb.co.kr>

Hi,

Recently I've installed a new bridge+ipfw at the office. It is configured as:

    outer network -- <router> -- <bridge> -- <main hub> ---> inner network

I installed FreeBSD 4.4-RELEASE and immediately updated to 4-stable. The kernel configuration has:

    options IPFIREWALL                      #firewall
    options IPFIREWALL_VERBOSE              #print information about dropped packets
    options IPFIREWALL_FORWARD              #enable transparent proxy support
    options IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
    options IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
    options IPV6FIREWALL                    #firewall for IPv6
    options IPV6FIREWALL_VERBOSE
    options IPV6FIREWALL_VERBOSE_LIMIT=100
    options IPV6FIREWALL_DEFAULT_TO_ACCEPT
    options IPDIVERT                        #divert sockets
    options DUMMYNET
    options BRIDGE

This machine has fxp0 (outer) and fxp1 (inner) interfaces. Only fxp1 has an IP address.

The bridged firewall was successful; it works nicely. I wish to try one more thing: transparent proxy via Squid. I've installed the www/squid24 port. squid.conf has:

    http_port 127.0.0.1:3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

After running squid, I added these rules at the top of the rules (output of ipfw -a list). 208.2.3.200 (not the real IP) is our firewall.

    00500   0     0 allow tcp from 208.2.3.200 to any via fxp0
    00550 173 11165 fwd 127.0.0.1,3128 tcp from 208.2.3.128/25 to any 80 via fxp1

As shown, rule 550 _filters_ packets, but it seems not to forward packets to port 3128 (squid). All clients can go out with their IP, and nothing remains in the squid log.

Am I doing something wrong? I've searched many mailing lists (freebsd and squid) but I can't get good answers.

p.s. I am doing NAT + transparent proxy at my home (ADSL). It works nicely.

-- 
 +++ Any opinions in this posting are my own and not those of my employers +++
 CHOI Junho [sleeping now] <http://www.kr.FreeBSD.org/~cjh>
 [while sleeping] <cjh @ kr.FreeBSD.ORG> <cjh @ FreeBSD.ORG> <cjh @ wdb.co.kr>
 Korea FreeBSD Users Group <www.kr.FreeBSD.org>
 Web Data Bank <www.wdb.co.kr>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message