Date:      Fri, 27 Feb 2004 13:41:11 +0200
From:      "Leon Botes" <leon@trusc.net>
To:        <freebsd-questions@freebsd.org>
Subject:   IPFW & SQUID & 2 bsd boxes & 2 different internet routers
Message-ID:  <20040227114148.63FA743D1D@mx1.FreeBSD.org>

Here is something that gave me uphill for a long time which I thought I
might share with anyone who is interested.

The problem was the traffic was too much for the one line so we installed a
second line.

How to divert all the http 80 stuff down the second line using a second box
as a proxy?

Box A is the BSD gateway with NICs IIF and OIF.
Runs ipfw which forwards the tcp 80 connections from the IIF network to box
B.
It has a default gateway of internet router C.

Box B is the squid proxy running in httpd accelerator mode with one NIC on
the same network as the Box A OIF.
Runs ipfw which forwards the tcp 80 connections coming into it to
127.0.0.1:3128.
It has a default gateway of internet router D.

The answer is all in the ipfw rules.

On box A:

Add this rule AFTER the natd rules:

ipfw add (rulenumber) fwd (Box B) tcp from any to any 80 out via (oif)

On box B:

ipfw add (firstrulenumber) fwd 127.0.0.1,3128 tcp from any to any 80 in via (oif)

That rule forwards all incoming requests to the squid running on the
localhost.

If you are stuck with only one box do this in the rules:

ipfw add fwd 127.0.0.1,3128 tcp from any to any 80 in via IIF

ipfw add fwd (router for the http) tcp from any to any 80 out via OIF

Any suggestions, improvements or shoot me downs are welcome.

Leon
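
The "AFTER the natd rules" requirement on box A can be checked mechanically. The script below is an added example, not part of the original message: it assumes the usual `ipfw list` layout (rule number, action, rule body), and the address standing in for box B, the interface name and the rule numbers in the samples are constructed.

```sh
#!/bin/sh
# Added example. Reads `ipfw list` output for box A on stdin and checks
# that the port-80 fwd rule sits after the natd divert rule, with no
# catch-all allow/deny in front of it (ipfw stops at the first match).
check_box_a() {
    awk '
    $2 == "divert" && !divert { divert = $1 + 0 }
    $2 == "fwd" && !fwd && / tcp from any to any (dst-port )?80 out / { fwd = $1 + 0 }
    ($2 == "allow" || $2 == "deny") && !fwd && !block &&
        / (ip|tcp) from any to any( out.*)?$/ { block = $1 + 0 }
    END {
        if (!fwd)         { print "no port-80 fwd rule found"; exit 1 }
        if (!divert)      { print "no natd divert rule found"; exit 1 }
        if (fwd < divert) { print "fwd rule " fwd " is before natd rule " divert; exit 1 }
        if (block)        { print "rule " block " matches before fwd rule " fwd; exit 1 }
        print "OK: fwd rule " fwd " follows natd rule " divert
    }'
}

# Constructed samples: 192.0.2.10 stands in for box B, fxp1 for box A's OIF.
GOOD='00050 divert 8668 ip from any to any via fxp1
00060 fwd 192.0.2.10 tcp from any to any dst-port 80 out via fxp1
65000 allow ip from any to any'

BAD_ORDER='00040 fwd 192.0.2.10 tcp from any to any dst-port 80 out via fxp1
00050 divert 8668 ip from any to any via fxp1
65000 allow ip from any to any'

SHADOWED='00050 divert 8668 ip from any to any via fxp1
00055 allow ip from any to any
00060 fwd 192.0.2.10 tcp from any to any dst-port 80 out via fxp1'

for sample in "$GOOD" "$BAD_ORDER" "$SHADOWED"; do
    printf '%s\n' "$sample" | check_box_a || true
done
```

On a live box A the same function can be fed with `ipfw list | check_box_a`.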

 

 

 

 

 

 


