Date:      Mon, 16 Jun 2003 10:28:00 +0200
From:      "Doron Shmaryahu" <doron@home.crc.co.za>
To:        "'Andrew Thomson'" <ajthomson@optushome.com.au>, <freebsd-questions@freebsd.org>
Subject:   RE: more transparent proxy and squid questions.
Message-ID:  <000d01c333e1$32f8f320$0801a8c0@dman>
In-Reply-To: <20030616065212.GB600@athomson.prv.au.itouchnet.net>

Hi,

This is relatively easy if you set the gateway of the other machine to be
your squid box. Otherwise you have no way of hijacking the connections!!
Also this could be done via an access list on a router.

Kind Regards

Doron Shmaryahu

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Andrew Thomson
Sent: 16 June 2003 08:52 AM
To: freebsd-questions@freebsd.org
Subject: Re: more transparent proxy and squid questions.

i'm still having issues here..

has anyone else got transparent proxy going with firewall and squid on
different boxes??

anyway, from the squid faq, does this apply to freebsd these days??

..."Compile and run a version of Squid which accepts connections for other
addresses. For some operating systems, you need to have configured and
built a version of Squid which can recognize the hijacked connections
and discern the destination addresses. For Linux this seems to work
automatically. For *BSD-based systems, you probably have to configure
squid with the --enable-ipf-transparent option. (Do a make clean if you
previously configured without that option, or the correct settings may
not be present.)"...

i'm trying to use ipfw for my fwd'ing from the firewall to the proxy
server.

thanks,

ajt.

On Mon, Jun 16, 2003 at 07:25:26AM +0300, Rapier wrote:
> From what you've said you have natd enabled, instead of redirecting
> with ipfw you should redirect with natd! man natd
>
> On Mon, 16 Jun 2003 09:41:05 +1000
> Andrew Thomson <ajthomson@optushome.com.au> wrote:
>
> > On Fri, Jun 13, 2003 at 09:47:09AM -0400, Bill Moran wrote:
> > >
> > > Yes.  You've got the right idea.
> > >
> >
> > hmm.. i have encountered some difficulties ;) so now i'm seeking some
> > more advice..
> >
> > i have the following rules on my firewall:
> >
> > 10561 skipto 11000 ip from 192.168.1.2 to any
> > 10562 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80
> >
> > keeping in line with my example, 1=fwall, 2=squid, 3=user
> >
> > the skipto is in there so we go through nat and get a proper ip.
> >
> > i never see any packets get to the squid box though..
> >
> > ipfw show indicates matching packets
> > ipfw show 10561 10562
> > 10561       5342        331306 skipto 11000 ip from 192.168.1.2 to any
> > 10562       2520        120960 fwd 192.168.1.2,3128 tcp from 192.168.1.3 to any 80
> >
> > a tcpdump on the squid box looking out for port 3128 shows nothing, although
> > the ipfw shows matches..
> >
> > i'll keep digging around but any more tips would be appreciated on this
> > setup.
> >
> > thanks,
> >
> > andrew.
> >
> > _______________________________________________
> > freebsd-questions@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
