Date: Thu, 1 Feb 2001 18:07:43 -0500 (EST) From: mi@aldan.algebra.com To: Julian Elischer <julian@elischer.org> Cc: questions@freebsd.org, net@freebsd.org Subject: Re: transparent proxying through a separate machine Message-ID: <200102012307.f11N7iP51027@misha.privatelabs.com> In-Reply-To: <3A79D157.A18270EB@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1 Feb, Julian Elischer wrote: = > We have a single firewall machine and a _separate_ machine running = > squid proxy (both servers are on the same network wire). = > = > How do I catch all of the outgoing http requests and send them = > through squid? = > = > I tried = > = > ipfw add fwd squid,3128 tcp from any to any http = > = > but it does not seem to work -- squid never gets contacted. All of = > the recipes out there describe the setups with squid and the = > firewall being on the same machine. What else do I need to do? = = I assume squid is the name of the other machine? you need to have the = same rule in the ipfw on that machine too. Yes. Ok. This is what I just added to the squid-machine: ipfw add allow ip from any to any out ipfw add fwd localhost,3128 log tcp from any to any 3128 in = otherwise it will reflect the packet back at it's original destination = as it still has headers saying it wants to go there. (It's unaltered). The firewall machine logs ipfw: 3000 Forward to squid.ip:3128 TCP client.ip:3977 web.server.ip:80 in via dc0 But the client still talks to the web-server directly :( The squid's log is quiet... Anything I'm missing? Perhaps, I need a user-space program of some sort to run on the firewall to do the tunneling? Thanks! -mi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102012307.f11N7iP51027>