Date: Fri, 14 Feb 2003 08:38:34 +0100 (CET) From: 520023893678-0001@t-online.de (P. U. Kruppa) To: Dancho Penev <dpenev@mail.bg> Cc: "P. U. Kruppa" <520023893678-0001@t-online.de>, "" <freebsd-questions@FreeBSD.ORG> Subject: Re: squid and ipfw ... fwd ... Message-ID: <20030214082241.Y681@small.pukruppa.de> In-Reply-To: <20030213185051.GA536@earth.dpsca.bg> References: <20030213183028.S681@small.pukruppa.de> <20030213185051.GA536@earth.dpsca.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 13 Feb 2003, Dancho Penev wrote: > On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote: > >Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET) > >From: 520023893678-0001@t-online.de (P. U. Kruppa) > >To: freebsd-questions@FreeBSD.ORG > >Subject: squid and ipfw ... fwd ... > > > >Hi! > > > >I am trying to setup a transparent proxy with Squid. > > > >Proxying and caching itself works fine (thanks to the help of > >this list!) - my Squid is listening on port 80. > > > >I have got the ipfw kernel module running and seem to be able to > >change all kinds of rules via ipfw or from bootup via some > >firewall configuration file. As all kinds of manuals advise I do > ># ipfw add 200 allow tcp from 192.168.10.1 to any > >and still everything works fine. But when I try the next line > ># ipfw add 300 fwd 127.0.0.1 tcp from any to any 80 > >I keep receiving access denied messages from squid. > > Put in squid config file something like this (change ip address and netmask): > > acl permitednet src 192.168.0.0/255.255.0.0 > http_access allow permitednet I have got these. Squid works fine as long as I setup all browsers to use 192.168.10.1's port 80 . But when they are set to automatic detection they don't use Squid. The ipfw rule 300 should redirect all traffic to squid - which it in fact does: The access denial message is produced by Squid. But there everything ends. Uli. > Take a look at ACCESS CONTROLS section in squid.conf for more details. > In fact if you keep above two ipfw rules transparent proxy will not work for > 192.168.10.1 . > > > > >I found several emails about this problem in Google but no > >solution. > > > > > >What can be done now? > > > >Thanks for any ideas, > > > >Uli. > > > >*-----------------------------------* > >* Peter Ulrich Kruppa * > >* - Wuppertal - * > >* Germany * > >*-----------------------------------* > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-questions" in the body of the message > > -- > Regards, > Dancho Penev > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > *-----------------------------------* * Peter Ulrich Kruppa * * - Wuppertal - * * Germany * *-----------------------------------* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030214082241.Y681>