Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 7 Dec 2002 16:50:41 -0600 (CST)
From:      "Scott A. Moberly" <smoberly@karamazov.org>
To:        <glennpj@charter.net>
Cc:        <questions@FreeBSD.ORG>
Subject:   Re: need help setting up a transparent proxy
Message-ID:  <1297.10.0.0.2.1039301441.squirrel@mail.karamazov.org>
In-Reply-To: <20021207193526.GA1123@gforce.johnson.home>
References:  <20021207193526.GA1123@gforce.johnson.home>
next in thread | previous in thread | raw e-mail | index | archive | help 
> I am trying to set up a transparent squid proxy with ipfw.  I am using
> FreeBSD 4.7-STABLE (current as of today), version 2.5_1 of squid.  I
> have read the relevant information on the squid Web site and searched
> the FreeBSD mail archive.  I am pretty sure I have everything set up
> right but it just does not work.
>
> I have the following in my kernel config:
>
> options         IPFIREWALL              #firewall
> options         IPFIREWALL_FORWARD      #enable transparent proxy
> support options         IPDIVERT                #divert sockets
> options         IPSTEALTH               #support for stealth forwarding
>
> I have the following in my squid.conf file:
>
> http_port 3128
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
>
> I am using the "SIMPLE" firewall setup I have the following in my
> rc.firewall file
>
> 	# Allow setup of any other TCP connection
>         ${fwcmd} add pass tcp from any to any setup
>
>         # Try this to get a transparent proxy
>         ${fwcmd} add fwd 127.0.0.1,3128 tcp from any to any 80
>
> I have also tried setting the first rule above to "...any to any 80" but
> that did not help.
>
> What am I missing?
>
> Thanks.
Looks like an infinite loop to me.  If this is on a gateway machine, you
might try:

$fwcmd add fwd 127.0.0.1,3128 from INTERNAL_NETWORK to any 80

If the machine in inside the network you will want a skipto statement. 
Skiping over this statement for the machine itself will resurrect you from
the infinite loop.

--
Scott A. Moberly
smoberly@karamazov.org





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1297.10.0.0.2.1039301441.squirrel>