Date:      Wed, 29 Jun 2016 21:13:42 -0300
From:      Thomas <>
To:        Ataro <>
Cc:        "" <>
Subject:   Re: force all the network traffic through a proxy server.
Message-ID:  <20160630001342.GA7528@host>
In-Reply-To: <>
References:  <>

Tue, Jun 28, 2016 at 01:48:30PM -0400, Ataro via freebsd-ipfw:
> Hi there,
> I've set up a FreeBSD machine inside a VirtualBox machine and used IPFW to redirect all the requests to the internet through a squid proxy server running on the same machine in port 3128 in intercept mode (also known as transparent proxy mode).
> The problem is that I need a way to identify the packets that originate from the squid server and let them pass out to the Internet but all other packets must go through the squid server.
> My IPFW rules look like the following:
> ipfw -f flush
> ipfw add 50 pass all from any to any via lo0
> ipfw add 100 pass all from any to any proto udp
> ipfw add 150 pass icmp from any to any
> ipfw add 200 fwd,3128 tag 1111 tcp from me to any
> ipfw add 250 pass all from to any tagged 1111
> Unfortunately, the packets that originate from the squid server are redirected back to itself and I don't find a way to allow them to pass out.
> Does someone here have an idea?
> Regards,
> Ataro.


Run the squid server as a separate user, and use the uid match pattern.
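
The suggestion above written out as a ruleset, added here as an example and not part of either message. It assumes squid runs as a dedicated `squid` account and listens on 127.0.0.1 (both are assumptions; port 3128 and rules 50 to 150 follow the original post), and it checks that the uid exemption is numbered below the `fwd` rule before applying anything.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumptions: squid runs as user "squid" and listens on 127.0.0.1.
# Port 3128 and rules 50-150 follow the original post.
SQUID_USER="${SQUID_USER:-squid}"
PROXY_ADDR="${PROXY_ADDR:-127.0.0.1}"
PROXY_PORT="${PROXY_PORT:-3128}"

# Print the ruleset as ipfw commands, one per line.
# Rule 200 lets squid's own sockets out; rule 250 redirects every other
# local TCP connection to the proxy. "not uid" on 250 keeps the redirect
# from catching squid even if rule 200 is later removed or renumbered.
squid_ruleset() {
    cat <<EOF
ipfw -f flush
ipfw add 50 allow all from any to any via lo0
ipfw add 100 allow udp from any to any
ipfw add 150 allow icmp from any to any
ipfw add 200 allow tcp from me to any out uid ${SQUID_USER}
ipfw add 250 fwd ${PROXY_ADDR},${PROXY_PORT} tcp from me to any out not uid ${SQUID_USER}
EOF
}

# Read "ipfw add N ..." lines on stdin. Succeed only if an
# "allow ... uid USER" rule is numbered below the first fwd rule:
# ipfw evaluates rules in number order and allow/fwd end the search.
exemption_precedes_fwd() {
    awk -v user="$SQUID_USER" '
        $2 == "add" && $4 == "allow" && $0 ~ (" uid " user "$") { if (!a) a = $3 }
        $2 == "add" && $4 == "fwd" { if (!f) f = $3 }
        END { exit !(a && f && a + 0 < f + 0) }
    '
}

# Dry run by default: print the commands. APPLY=1 executes them
# (needs root on the FreeBSD host).
apply_ruleset() {
    if ! squid_ruleset | exemption_precedes_fwd; then
        echo "uid exemption must be numbered below the fwd rule" >&2
        return 1
    fi
    if [ "${APPLY:-0}" = 1 ]; then squid_ruleset | sh -e; else squid_ruleset; fi
}

apply_ruleset
```

Packets that match neither rule 200 nor rule 250 fall through to whatever default rule the host is configured with, as they did with the rules in the original post.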


