From: "MANAS Mail Administrator"
Delivered-To: freebsd-questions@freebsd.org
Subject: please help me with ipfw and transparent proxy
Date: Mon, 21 Aug 2000 18:24:49 -0400
Message-ID: <001801c00bbe$a0cf8420$076c2ad4@manas.kg>

Good day!

Could you please tell me where the mistake is in my transparent proxy configuration?
I have squid working on port 3128. I would like to set up a transparent proxy,
so my squid.conf configuration is:

    http_port 3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on

My ipfw rules are (ipfw show):

    00100  17205  10373558 allow ip from any to any via lo0
    00200      0         0 deny ip from any to 127.0.0.0/8
    00300      0         0 allow ip from xxx.xxx.xxx.xxx to aaa.aaa.aaa.aaa/24
    00400      0         0 allow ip from aaa.aaa.aaa.aaa/24 to xxx.xxx.xxx.xxx
    00500 428420 176180909 allow tcp from any to any established
    00600      0         0 allow tcp from any to xxx.xxx.xxx.xxx 25 setup
    00700   6292    276848 allow tcp from xxx.xxx.xxx.xxx to any setup
    00800  17036    806604 allow tcp from any to any setup
    00900   1235    243497 allow udp from any 53 to xxx.xxx.xxx.xxx
    01000   1328     83719 allow udp from xxx.xxx.xxx.xxx to any 53
    01100      0         0 allow udp from any 123 to xxx.xxx.xxx.xxx
    01200      0         0 allow udp from xxx.xxx.xxx.xxx to any 123
    65535 114488  38920560 allow ip from any to any

xxx.xxx.xxx.xxx - is the router's IP.
aaa.aaa.aaa.aaa - LAN

So, I would like to forward all port 80 packets to squid (3128).

Using the Squid FAQ:

    ipfw add 49 allow tcp from xxx.xxx.xxx.xxx to any
    ipfw add 50 fwd 127.0.0.1,3128 tcp from any to any 80

After that I have troubles:
1) This configuration works fine for 3-4 minutes, then I cannot reach my local
   website - it says Access Denied.
2) 1-2 minutes after 1), I lose my entire Internet connection - there are no
   squid errors - the browser just tries to reach any website with no success.

I do not understand where the mistake is. It looks like some kind of overflow,
but where is it?

I use FreeBSD 3.4 Release, Squid 2.2Stable5.

Thank you very much.
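Added example, not part of the original message: one way to compare two `ipfw show` snapshots and see whether the fwd rule, and the rules listed after it, are still counting packets while a client browses. The function names and every counter in the "after" snapshot are constructed, the counters on rules 00049 and 00050 in the "before" snapshot are constructed too, and rule numbers are assumed to be unique.

```shell
#!/bin/sh
# Rule text comes from the message above (a subset of the listing plus the
# two rules added from the Squid FAQ). Counters marked below are constructed.

snapshot_before() { cat <<'EOF'
00049      0         0 allow tcp from xxx.xxx.xxx.xxx to any
00050      0         0 fwd 127.0.0.1,3128 tcp from any to any 80
00500 428420 176180909 allow tcp from any to any established
00700   6292    276848 allow tcp from xxx.xxx.xxx.xxx to any setup
00800  17036    806604 allow tcp from any to any setup
65535 114488  38920560 allow ip from any to any
EOF
}

# Constructed "a few minutes later" snapshot.
snapshot_after() { cat <<'EOF'
00049    120      9800 allow tcp from xxx.xxx.xxx.xxx to any
00050     40      2400 fwd 127.0.0.1,3128 tcp from any to any 80
00500 428900 176400000 allow tcp from any to any established
00700   6292    276848 allow tcp from xxx.xxx.xxx.xxx to any setup
00800  17036    806604 allow tcp from any to any setup
65535 114500  38921000 allow ip from any to any
EOF
}

# counter_delta BEFORE AFTER -> "<rule> <packet delta> <action>" per rule.
counter_delta() {
    awk 'NR == FNR { before[$1] = $2; next }
         $2 ~ /^[0-9]+$/ { print $1, $2 - before[$1], $4 }' "$1" "$2"
}

# Rules that matched no packets between the two snapshots.
idle_rules() { counter_delta "$1" "$2" | awk '$2 == 0 { print $1 }'; }

# Packets diverted by fwd rules between the two snapshots.
fwd_delta() {
    counter_delta "$1" "$2" | awk '$3 == "fwd" { n += $2 } END { print n + 0 }'
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
snapshot_before > "$tmp/before"
snapshot_after  > "$tmp/after"
counter_delta "$tmp/before" "$tmp/after"
```

On a live host the two files would be captured with `ipfw show > file` before and after the browsing test; a fwd delta of zero means port 80 traffic is not reaching that rule.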