Date: Sat, 15 Feb 2003 23:41:00 +0100
From: Gianmarco Giovannelli <gmarco@scotty.masternet.it>
To: 520023893678-0001@t-online.de (P. U. Kruppa), Dancho Penev <dpenev@mail.bg>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: squid and ipfw ... fwd ...
Message-ID: <5.2.0.9.2.20030215233617.015fee50@194.184.65.7>
In-Reply-To: <20030214082241.Y681@small.pukruppa.de>
References: <20030213185051.GA536@earth.dpsca.bg> <20030213183028.S681@small.pukruppa.de> <20030213185051.GA536@earth.dpsca.bg>
At 14/02/2003, P. U. Kruppa wrote:
>On Thu, 13 Feb 2003, Dancho Penev wrote:
>
> > On Thu, Feb 13, 2003 at 06:44:24PM +0100, P. U. Kruppa wrote:
> > >Date: Thu, 13 Feb 2003 18:44:24 +0100 (CET)
> > >From: 520023893678-0001@t-online.de (P. U. Kruppa)
> > >To: freebsd-questions@FreeBSD.ORG
> > >Subject: squid and ipfw ... fwd ...
> > >
> > >Hi!
> > >
> > >I am trying to set up a transparent proxy with Squid.

This should work, squid on port 3128 on the gateway of the intranet.

# Transparent Proxy -- ipfw (before divert rules)
....
# 0045: pass port-80 traffic sourced from the gateway's external IP, ahead of the fwd rule
${ipfwcmd} 0045 pass tcp from ${MY_EXTERNAL_IP} to any 80
# 0049: hand every other port-80 connection to Squid on 127.0.0.1:3128
${ipfwcmd} 0049 fwd 127.0.0.1,3128 tcp from any to any 80

--> minimal squid.conf

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_dir null /tmp
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
ftp_user squid@
ftp_passive off
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl yournet src ${YOUR_NET_CLASS}
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# http_access takes ACL names, so reference the yournet acl defined above
http_access allow yournet
http_access deny all

Please let me know...

Best Regards,
Gianmarco Giovannelli, "Unix expert since yesterday"
http://www.gufi.org/~gmarco
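A check for the access-control part of a squid.conf shaped like the one in this message, as an added example that is not part of the original e-mail: it reports http_access rules that name something other than an acl defined earlier in the file, a rule list that does not end in `deny all`, and an `allow all` rule that would leave the gateway usable as an open proxy. The function name, the sample config and the 10.0.0.0/8 network are constructed for illustration.

```python
# Constructed sample; line 12 names a network where an acl name is expected.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
acl yournet src 10.0.0.0/8
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow 10.0.0.0/8
http_access deny all
"""


def check_http_access(conf_text):
    """Return (problems, rules) for the acl/http_access lines of a squid.conf."""
    defined, rules, problems = set(), [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "acl":
            defined.add(fields[1])
        elif len(fields) >= 2 and fields[0] == "http_access":
            action, names = fields[1], fields[2:]
            if action not in ("allow", "deny"):
                problems.append(f"line {lineno}: unknown action {action!r}")
            for name in names:
                # "!name" negates an acl; the name itself must be defined so far.
                if name.lstrip("!") not in defined:
                    problems.append(f"line {lineno}: {name!r} is not a defined acl")
            rules.append((action, names))
    if not rules or rules[-1] != ("deny", ["all"]):
        problems.append("http_access list does not end with 'deny all'")
    for action, names in rules:
        # An allow rule that matches every client makes the proxy open to anyone.
        if action == "allow" and names == ["all"]:
            problems.append("'http_access allow all' permits any client")
    return problems, rules


if __name__ == "__main__":
    for problem in check_http_access(SAMPLE_CONF)[0]:
        print(problem)
```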