Date: Mon, 21 Aug 2000 18:24:49 -0400
From: "MANAS Mail Administrator" <postbox@manas.kg>
To: <freebsd-questions@FreeBSD.ORG>
Subject: please help me with ipfw and transparent proxy
Message-ID: <001801c00bbe$a0cf8420$076c2ad4@manas.kg>

Good day!

Could you please tell me where the mistake is in my transparent proxy configuration?
I have squid working on port 3128. I would like to set up a transparent proxy.

So, my squid.conf configuration is:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

My ipfw rules are (ipfw show):

00100  17205  10373558 allow ip from any to any via lo0
00200      0         0 deny ip from any to 127.0.0.0/8
00300      0         0 allow ip from xxx.xxx.xxx.xxx to aaa.aaa.aaa.aaa/24
00400      0         0 allow ip from aaa.aaa.aaa.aaa/24 to xxx.xxx.xxx.xxx
00500 428420 176180909 allow tcp from any to any established
00600      0         0 allow tcp from any to xxx.xxx.xxx.xxx 25 setup
00700   6292    276848 allow tcp from xxx.xxx.xxx.xxx to any setup
00800  17036    806604 allow tcp from any to any setup
00900   1235    243497 allow udp from any 53 to xxx.xxx.xxx.xxx
01000   1328     83719 allow udp from xxx.xxx.xxx.xxx to any 53
01100      0         0 allow udp from any 123 to xxx.xxx.xxx.xxx
01200      0         0 allow udp from xxx.xxx.xxx.xxx to any 123
65535 114488  38920560 allow ip from any to any

xxx.xxx.xxx.xxx - is the router's IP.
aaa.aaa.aaa.aaa - LAN

So, I would like to forward all port 80 packets to squid (3128).

Using the Squid FAQ:

ipfw add 49 allow tcp from xxx.xxx.xxx.xxx to any
ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

After that I have troubles:
1) This configuration works fine for 3-4 minutes, then I could not reach my local website - it says Access Denied.
2) 1-2 minutes after 1), I do not have any Internet connection at all - there are no squid errors - the browser just tries to reach any website with no success.

I do not understand where the mistake is. It looks like some kind of overflow, but where is it?

I use FreeBSD 3.4 Release, Squid 2.2Stable5.

Thank you very much.