From owner-freebsd-isp@FreeBSD.ORG  Wed Jul  9 08:12:18 2003
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D188C37B401
	for <freebsd-isp@freebsd.org>; Wed,  9 Jul 2003 08:12:18 -0700 (PDT)
Received: from insourcery.net (ns1.insourcery.net [198.93.171.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2740A43F3F
	for <freebsd-isp@freebsd.org>; Wed,  9 Jul 2003 08:12:14 -0700 (PDT)
	(envelope-from eculp@encontacto.net)
Received: from localhost (localhost [127.0.0.1])
  (uid 80)
  by insourcery.net with local; Wed, 09 Jul 2003 08:12:14 -0700
Received: from grupo-cg01.terra.net.mx (grupo-cg01.terra.net.mx
	[200.4.106.65]) by mail.encontacto.net (Horde) with HTTP for
	<eculp@encontacto.net>; Wed,  9 Jul 2003 08:12:13 -0700
Message-ID: <1057763533.5ad8bd3350995@mail.encontacto.net>
X-Priority: 3 (Normal)
Date: Wed,  9 Jul 2003 08:12:13 -0700
From: eculp@encontacto.net
To: Noah K Sematimba <ksemat@ksemat.co.ug>
References: <1057695236.51317f5568a73@mail.encontacto.net>
	<20030709151451.B365@ksemat.co.ug>
In-Reply-To: <20030709151451.B365@ksemat.co.ug>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) 4.0-cvs
X-Originating-IP: 200.4.106.65
cc: "freebsd-isp@freebsd.org" <freebsd-isp@freebsd.org>
Subject: Re: How to use transparent kernel proxy with squid?
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Jul 2003 15:12:19 -0000

Quoting Noah K Sematimba <ksemat@ksemat.co.ug>:

|
| I use a similar rule and it worked beautifully though I did not bother to
| add the recv and xmit stuff. Afterall I already block private ips from
| coming in my external interface anyways.
|
Noah,

Thanks for giving me hope :-)  Could you share the relevant ipfw lines?
I would sure appreciate it.  I don't understand what is happening and a
different approach will help, I'm sure.

Thanks,

ed

P.S. Did you compile squid with the  --enable-ipf-transparent option?
     maybe I should compile it without it because I'm using ipfw.

-------------------------------------------------